Vulnerability-Lookup

CVE-2025-23184 (GCVE-0-2025-23184)

Vulnerability from cvelistv5 – Published: 2025-01-21 09:35 – Updated: 2025-12-15 15:58

Title

Apache CXF: Denial of Service vulnerability with temporary files

Summary

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

apache

References

5 references

URL	Tags
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	vendor-advisory
http://www.openwall.com/lists/oss-security/2025/01/20/3
https://security.netapp.com/advisory/ntap-2025021…
https://www.vicarius.io/vsociety/posts/cve-2025-2…
https://www.vicarius.io/vsociety/posts/cve-2025-2…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache CXF	Affected: 0 , < 3.5.10 (semver) Affected: 3.6.0 , < 3.6.5 (semver) Affected: 4.0.0 , < 4.0.6 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-15T15:58:16.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/01/20/3"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250214-0003/"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23184",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T15:12:38.751238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T15:12:47.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache CXF",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.5.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.6.5",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A potential denial of service vulnerability is present in versions of Apache CXF before\u0026nbsp;3.5.10, 3.6.5 and 4.0.6.\u0026nbsp;In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A potential denial of service vulnerability is present in versions of Apache CXF before\u00a03.5.10, 3.6.5 and 4.0.6.\u00a0In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-21T09:35:37.468Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "source": {
        "defect": [
          "CXF-7396"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apache CXF: Denial of Service vulnerability with temporary files",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-23184",
    "datePublished": "2025-01-21T09:35:37.468Z",
    "dateReserved": "2025-01-13T10:54:19.489Z",
    "dateUpdated": "2025-12-15T15:58:16.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-23184",
      "date": "2026-06-26",
      "epss": "0.01941",
      "percentile": "0.7759"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-23184\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-01-21T10:15:08.110\",\"lastModified\":\"2025-12-15T16:15:52.643\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A potential denial of service vulnerability is present in versions of Apache CXF before\u00a03.5.10, 3.6.5 and 4.0.6.\u00a0In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).\"},{\"lang\":\"es\",\"value\":\"Hay una posible vulnerabilidad de denegaci\u00f3n de servicio presente en versiones de Apache CXF anteriores a 3.5.10, 3.6.5 y 4.0.6. En algunos casos extremos, es posible que las instancias de CachedOutputStream no se cierren y, si est\u00e1n respaldadas por archivos temporales, pueden llenar el archivo sistema (se aplica a servidores y clientes).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.10\",\"matchCriteriaId\":\"4F551B7C-101F-4859-B2CD-C9F76D7C61F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.5\",\"matchCriteriaId\":\"A581BA3B-93A1-4AED-AAF7-041EFC91EFE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.0.6\",\"matchCriteriaId\":\"3533A0DD-FA20-4427-A9A3-3FAFFF37D5BF\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/01/20/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20250214-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/01/20/3\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250214-0003/\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-12-15T15:58:16.867Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-23184\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-21T15:12:38.751238Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-21T15:12:43.451Z\"}}], \"cna\": {\"title\": \"Apache CXF: Denial of Service vulnerability with temporary files\", \"source\": {\"defect\": [\"CXF-7396\"], \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache CXF\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.5.10\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.6.0\", \"lessThan\": \"3.6.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.0.6\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A potential denial of service vulnerability is present in versions of Apache CXF before\\u00a03.5.10, 3.6.5 and 4.0.6.\\u00a0In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A potential denial of service vulnerability is present in versions of Apache CXF before\u0026nbsp;3.5.10, 3.6.5 and 4.0.6.\u0026nbsp;In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-01-21T09:35:37.468Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-23184\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-15T15:58:16.867Z\", \"dateReserved\": \"2025-01-13T10:54:19.489Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-01-21T09:35:37.468Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

RHSA-2025:10459

Vulnerability from csaf_redhat - Published: 2025-07-07 13:35 - Updated: 2026-06-25 04:58

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) * org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-2251

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-27611

A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-1007 - Insufficient Visual Distinction of Homoglyphs Presented to User

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix

Threats

Impact Important

References

53 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10459	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://access.redhat.com/articles/7120566	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2363176	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://issues.redhat.com/browse/JBEAP-28866	external
https://issues.redhat.com/browse/JBEAP-28992	external
https://issues.redhat.com/browse/JBEAP-29257	external
https://issues.redhat.com/browse/JBEAP-29530	external
https://issues.redhat.com/browse/JBEAP-29679	external
https://issues.redhat.com/browse/JBEAP-29691	external
https://issues.redhat.com/browse/JBEAP-29692	external
https://issues.redhat.com/browse/JBEAP-29806	external
https://issues.redhat.com/browse/JBEAP-29863	external
https://issues.redhat.com/browse/JBEAP-29867	external
https://issues.redhat.com/browse/JBEAP-29984	external
https://issues.redhat.com/browse/JBEAP-29999	external
https://issues.redhat.com/browse/JBEAP-30087	external
https://issues.redhat.com/browse/JBEAP-30151	external
https://issues.redhat.com/browse/JBEAP-30157	external
https://issues.redhat.com/browse/JBEAP-30263	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-27611	self
https://bugzilla.redhat.com/show_bug.cgi?id=2363176	external
https://www.cve.org/CVERecord?id=CVE-2025-27611	external
https://nvd.nist.gov/vuln/detail/CVE-2025-27611	external
https://github.com/cryptocoinjs/base-x/pull/86	external
https://github.com/cryptocoinjs/base-x/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10459",
        "url": "https://access.redhat.com/errata/RHSA-2025:10459"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/7120566",
        "url": "https://access.redhat.com/articles/7120566"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2363176",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "JBEAP-28866",
        "url": "https://issues.redhat.com/browse/JBEAP-28866"
      },
      {
        "category": "external",
        "summary": "JBEAP-28992",
        "url": "https://issues.redhat.com/browse/JBEAP-28992"
      },
      {
        "category": "external",
        "summary": "JBEAP-29257",
        "url": "https://issues.redhat.com/browse/JBEAP-29257"
      },
      {
        "category": "external",
        "summary": "JBEAP-29530",
        "url": "https://issues.redhat.com/browse/JBEAP-29530"
      },
      {
        "category": "external",
        "summary": "JBEAP-29679",
        "url": "https://issues.redhat.com/browse/JBEAP-29679"
      },
      {
        "category": "external",
        "summary": "JBEAP-29691",
        "url": "https://issues.redhat.com/browse/JBEAP-29691"
      },
      {
        "category": "external",
        "summary": "JBEAP-29692",
        "url": "https://issues.redhat.com/browse/JBEAP-29692"
      },
      {
        "category": "external",
        "summary": "JBEAP-29806",
        "url": "https://issues.redhat.com/browse/JBEAP-29806"
      },
      {
        "category": "external",
        "summary": "JBEAP-29863",
        "url": "https://issues.redhat.com/browse/JBEAP-29863"
      },
      {
        "category": "external",
        "summary": "JBEAP-29867",
        "url": "https://issues.redhat.com/browse/JBEAP-29867"
      },
      {
        "category": "external",
        "summary": "JBEAP-29984",
        "url": "https://issues.redhat.com/browse/JBEAP-29984"
      },
      {
        "category": "external",
        "summary": "JBEAP-29999",
        "url": "https://issues.redhat.com/browse/JBEAP-29999"
      },
      {
        "category": "external",
        "summary": "JBEAP-30087",
        "url": "https://issues.redhat.com/browse/JBEAP-30087"
      },
      {
        "category": "external",
        "summary": "JBEAP-30151",
        "url": "https://issues.redhat.com/browse/JBEAP-30151"
      },
      {
        "category": "external",
        "summary": "JBEAP-30157",
        "url": "https://issues.redhat.com/browse/JBEAP-30157"
      },
      {
        "category": "external",
        "summary": "JBEAP-30263",
        "url": "https://issues.redhat.com/browse/JBEAP-30263"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10459.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update",
    "tracking": {
      "current_release_date": "2026-06-25T04:58:55+00:00",
      "generator": {
        "date": "2026-06-25T04:58:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2025:10459",
      "initial_release_date": "2025-07-07T13:35:06+00:00",
      "revision_history": [
        {
          "date": "2025-07-07T13:35:06+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-07T13:35:06+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T04:58:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 8.0.8",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 8.0.8",
                  "product_id": "Red Hat JBoss Enterprise Application Platform 8.0.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "cve": "CVE-2025-27611",
      "cwe": {
        "id": "CWE-1007",
        "name": "Insufficient Visual Distinction of Homoglyphs Presented to User"
      },
      "discovery_date": "2025-04-30T20:00:45.852222+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2363176"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "RHBZ#2363176",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-27611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "https://github.com/cryptocoinjs/base-x/pull/86",
          "url": "https://github.com/cryptocoinjs/base-x/pull/86"
        },
        {
          "category": "external",
          "summary": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p",
          "url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"
        }
      ],
      "release_date": "2025-04-30T19:36:57.356000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation."
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10924

Vulnerability from csaf_redhat - Published: 2025-07-14 15:56 - Updated: 2026-06-25 03:58

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036) * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-10234

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2251

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-23366

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-35036

A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Important

References

70 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10924	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://issues.redhat.com/browse/JBEAP-28676	external
https://issues.redhat.com/browse/JBEAP-28905	external
https://issues.redhat.com/browse/JBEAP-29217	external
https://issues.redhat.com/browse/JBEAP-29440	external
https://issues.redhat.com/browse/JBEAP-29815	external
https://issues.redhat.com/browse/JBEAP-29862	external
https://issues.redhat.com/browse/JBEAP-29866	external
https://issues.redhat.com/browse/JBEAP-29914	external
https://issues.redhat.com/browse/JBEAP-29969	external
https://issues.redhat.com/browse/JBEAP-30031	external
https://issues.redhat.com/browse/JBEAP-30059	external
https://issues.redhat.com/browse/JBEAP-30264	external
https://issues.redhat.com/browse/JBEAP-30359	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-10234	self
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://www.cve.org/CVERecord?id=CVE-2024-10234	external
https://nvd.nist.gov/vuln/detail/CVE-2024-10234	external
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-23366	self
https://bugzilla.redhat.com/show_bug.cgi?id=2337619	external
https://www.cve.org/CVERecord?id=CVE-2025-23366	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23366	external
https://access.redhat.com/security/cve/CVE-2025-35036	self
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://www.cve.org/CVERecord?id=CVE-2025-35036	external
https://nvd.nist.gov/vuln/detail/CVE-2025-35036	external
https://docs.jboss.org/hibernate/stable/validator…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://hibernate.atlassian.net/browse/HV-1816	external
https://hibernate.org/validator/documentation/mig…	external
https://in.relation.to/2021/01/06/hibernate-valid…	external
https://labs.watchtowr.com/expression-payloads-me…	external
https://www.cve.org/CVERecord?id=CVE-2020-5245	external
https://www.cve.org/CVERecord?id=CVE-2025-4428	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

TIM S.p.A Claudia Bartolini Marco Ventura Massimiliano Brolli

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10924",
        "url": "https://access.redhat.com/errata/RHSA-2025:10924"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "2320848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "2370118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
      },
      {
        "category": "external",
        "summary": "JBEAP-28676",
        "url": "https://issues.redhat.com/browse/JBEAP-28676"
      },
      {
        "category": "external",
        "summary": "JBEAP-28905",
        "url": "https://issues.redhat.com/browse/JBEAP-28905"
      },
      {
        "category": "external",
        "summary": "JBEAP-29217",
        "url": "https://issues.redhat.com/browse/JBEAP-29217"
      },
      {
        "category": "external",
        "summary": "JBEAP-29440",
        "url": "https://issues.redhat.com/browse/JBEAP-29440"
      },
      {
        "category": "external",
        "summary": "JBEAP-29815",
        "url": "https://issues.redhat.com/browse/JBEAP-29815"
      },
      {
        "category": "external",
        "summary": "JBEAP-29862",
        "url": "https://issues.redhat.com/browse/JBEAP-29862"
      },
      {
        "category": "external",
        "summary": "JBEAP-29866",
        "url": "https://issues.redhat.com/browse/JBEAP-29866"
      },
      {
        "category": "external",
        "summary": "JBEAP-29914",
        "url": "https://issues.redhat.com/browse/JBEAP-29914"
      },
      {
        "category": "external",
        "summary": "JBEAP-29969",
        "url": "https://issues.redhat.com/browse/JBEAP-29969"
      },
      {
        "category": "external",
        "summary": "JBEAP-30031",
        "url": "https://issues.redhat.com/browse/JBEAP-30031"
      },
      {
        "category": "external",
        "summary": "JBEAP-30059",
        "url": "https://issues.redhat.com/browse/JBEAP-30059"
      },
      {
        "category": "external",
        "summary": "JBEAP-30264",
        "url": "https://issues.redhat.com/browse/JBEAP-30264"
      },
      {
        "category": "external",
        "summary": "JBEAP-30359",
        "url": "https://issues.redhat.com/browse/JBEAP-30359"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10924.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
    "tracking": {
      "current_release_date": "2026-06-25T03:58:56+00:00",
      "generator": {
        "date": "2026-06-25T03:58:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2025:10924",
      "initial_release_date": "2025-07-14T15:56:17+00:00",
      "revision_history": [
        {
          "date": "2025-07-14T15:56:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-14T15:56:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T03:58:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el7eap?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el7eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.26-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-42.Final_redhat_00042.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-42.Final_redhat_00042.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-3.SP2_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el7eap?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_id": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-5.redhat_00004.1.el7eap?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_id": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native-debuginfo@1.0.2-5.redhat_00004.1.el7eap?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10234",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-10-22T01:46:48.739000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2320848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "RHBZ#2320848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
        }
      ],
      "release_date": "2024-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Claudia Bartolini",
            "Marco Ventura",
            "Massimiliano Brolli"
          ],
          "organization": "TIM S.p.A"
        }
      ],
      "cve": "CVE-2025-23366",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-01-14T14:56:40.238000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2337619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has evaluated and the attacker must be authenticated as user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d. This issue requires previous privilege to jeopardize an environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "RHBZ#2337619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366"
        }
      ],
      "release_date": "2025-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting"
    },
    {
      "cve": "CVE-2025-35036",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-06-03T20:00:52.377542+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Hibernate Validator Expression Language Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
          "url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
          "url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
          "url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
          "url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
          "url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
          "url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
          "url": "https://github.com/hibernate/hibernate-validator/pull/1138"
        },
        {
          "category": "external",
          "summary": "https://hibernate.atlassian.net/browse/HV-1816",
          "url": "https://hibernate.atlassian.net/browse/HV-1816"
        },
        {
          "category": "external",
          "summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
          "url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
        },
        {
          "category": "external",
          "summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
          "url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
        },
        {
          "category": "external",
          "summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
          "url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
        }
      ],
      "release_date": "2025-06-03T19:27:42.900000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        },
        {
          "category": "workaround",
          "details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hibernate-validator: Hibernate Validator Expression Language Injection"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10925

Vulnerability from csaf_redhat - Published: 2025-07-14 15:56 - Updated: 2026-06-25 03:58

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036) * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-10234

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2251

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-23366

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-35036

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Important

References

70 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10925	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://issues.redhat.com/browse/JBEAP-28676	external
https://issues.redhat.com/browse/JBEAP-28905	external
https://issues.redhat.com/browse/JBEAP-29218	external
https://issues.redhat.com/browse/JBEAP-29440	external
https://issues.redhat.com/browse/JBEAP-29815	external
https://issues.redhat.com/browse/JBEAP-29862	external
https://issues.redhat.com/browse/JBEAP-29866	external
https://issues.redhat.com/browse/JBEAP-29914	external
https://issues.redhat.com/browse/JBEAP-29969	external
https://issues.redhat.com/browse/JBEAP-30031	external
https://issues.redhat.com/browse/JBEAP-30059	external
https://issues.redhat.com/browse/JBEAP-30264	external
https://issues.redhat.com/browse/JBEAP-30359	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-10234	self
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://www.cve.org/CVERecord?id=CVE-2024-10234	external
https://nvd.nist.gov/vuln/detail/CVE-2024-10234	external
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-23366	self
https://bugzilla.redhat.com/show_bug.cgi?id=2337619	external
https://www.cve.org/CVERecord?id=CVE-2025-23366	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23366	external
https://access.redhat.com/security/cve/CVE-2025-35036	self
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://www.cve.org/CVERecord?id=CVE-2025-35036	external
https://nvd.nist.gov/vuln/detail/CVE-2025-35036	external
https://docs.jboss.org/hibernate/stable/validator…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://hibernate.atlassian.net/browse/HV-1816	external
https://hibernate.org/validator/documentation/mig…	external
https://in.relation.to/2021/01/06/hibernate-valid…	external
https://labs.watchtowr.com/expression-payloads-me…	external
https://www.cve.org/CVERecord?id=CVE-2020-5245	external
https://www.cve.org/CVERecord?id=CVE-2025-4428	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

TIM S.p.A Claudia Bartolini Marco Ventura Massimiliano Brolli

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10925",
        "url": "https://access.redhat.com/errata/RHSA-2025:10925"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "2320848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "2370118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
      },
      {
        "category": "external",
        "summary": "JBEAP-28676",
        "url": "https://issues.redhat.com/browse/JBEAP-28676"
      },
      {
        "category": "external",
        "summary": "JBEAP-28905",
        "url": "https://issues.redhat.com/browse/JBEAP-28905"
      },
      {
        "category": "external",
        "summary": "JBEAP-29218",
        "url": "https://issues.redhat.com/browse/JBEAP-29218"
      },
      {
        "category": "external",
        "summary": "JBEAP-29440",
        "url": "https://issues.redhat.com/browse/JBEAP-29440"
      },
      {
        "category": "external",
        "summary": "JBEAP-29815",
        "url": "https://issues.redhat.com/browse/JBEAP-29815"
      },
      {
        "category": "external",
        "summary": "JBEAP-29862",
        "url": "https://issues.redhat.com/browse/JBEAP-29862"
      },
      {
        "category": "external",
        "summary": "JBEAP-29866",
        "url": "https://issues.redhat.com/browse/JBEAP-29866"
      },
      {
        "category": "external",
        "summary": "JBEAP-29914",
        "url": "https://issues.redhat.com/browse/JBEAP-29914"
      },
      {
        "category": "external",
        "summary": "JBEAP-29969",
        "url": "https://issues.redhat.com/browse/JBEAP-29969"
      },
      {
        "category": "external",
        "summary": "JBEAP-30031",
        "url": "https://issues.redhat.com/browse/JBEAP-30031"
      },
      {
        "category": "external",
        "summary": "JBEAP-30059",
        "url": "https://issues.redhat.com/browse/JBEAP-30059"
      },
      {
        "category": "external",
        "summary": "JBEAP-30264",
        "url": "https://issues.redhat.com/browse/JBEAP-30264"
      },
      {
        "category": "external",
        "summary": "JBEAP-30359",
        "url": "https://issues.redhat.com/browse/JBEAP-30359"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10925.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
    "tracking": {
      "current_release_date": "2026-06-25T03:58:56+00:00",
      "generator": {
        "date": "2026-06-25T03:58:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2025:10925",
      "initial_release_date": "2025-07-14T15:56:17+00:00",
      "revision_history": [
        {
          "date": "2025-07-14T15:56:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-14T15:56:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T03:58:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 8",
                  "product_id": "8Base-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el8eap?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el8eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.26-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-42.Final_redhat_00042.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-42.Final_redhat_00042.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-3.SP2_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el8eap?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                  "product_id": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-5.redhat_00004.1.el8eap?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10234",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-10-22T01:46:48.739000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2320848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "RHBZ#2320848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
        }
      ],
      "release_date": "2024-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Claudia Bartolini",
            "Marco Ventura",
            "Massimiliano Brolli"
          ],
          "organization": "TIM S.p.A"
        }
      ],
      "cve": "CVE-2025-23366",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-01-14T14:56:40.238000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2337619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has evaluated and the attacker must be authenticated as user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d. This issue requires previous privilege to jeopardize an environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "RHBZ#2337619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366"
        }
      ],
      "release_date": "2025-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting"
    },
    {
      "cve": "CVE-2025-35036",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-06-03T20:00:52.377542+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Hibernate Validator Expression Language Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
          "url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
          "url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
          "url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
          "url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
          "url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
          "url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
          "url": "https://github.com/hibernate/hibernate-validator/pull/1138"
        },
        {
          "category": "external",
          "summary": "https://hibernate.atlassian.net/browse/HV-1816",
          "url": "https://hibernate.atlassian.net/browse/HV-1816"
        },
        {
          "category": "external",
          "summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
          "url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
        },
        {
          "category": "external",
          "summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
          "url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
        },
        {
          "category": "external",
          "summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
          "url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
        }
      ],
      "release_date": "2025-06-03T19:27:42.900000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        },
        {
          "category": "workaround",
          "details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hibernate-validator: Hibernate Validator Expression Language Injection"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10926

Vulnerability from csaf_redhat - Published: 2025-07-14 15:55 - Updated: 2026-06-25 03:59

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036) * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-10234

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2251

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-23366

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-35036

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Important

References

70 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10926	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://issues.redhat.com/browse/JBEAP-28676	external
https://issues.redhat.com/browse/JBEAP-28905	external
https://issues.redhat.com/browse/JBEAP-29219	external
https://issues.redhat.com/browse/JBEAP-29440	external
https://issues.redhat.com/browse/JBEAP-29815	external
https://issues.redhat.com/browse/JBEAP-29862	external
https://issues.redhat.com/browse/JBEAP-29866	external
https://issues.redhat.com/browse/JBEAP-29914	external
https://issues.redhat.com/browse/JBEAP-29969	external
https://issues.redhat.com/browse/JBEAP-30031	external
https://issues.redhat.com/browse/JBEAP-30059	external
https://issues.redhat.com/browse/JBEAP-30264	external
https://issues.redhat.com/browse/JBEAP-30359	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-10234	self
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://www.cve.org/CVERecord?id=CVE-2024-10234	external
https://nvd.nist.gov/vuln/detail/CVE-2024-10234	external
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-23366	self
https://bugzilla.redhat.com/show_bug.cgi?id=2337619	external
https://www.cve.org/CVERecord?id=CVE-2025-23366	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23366	external
https://access.redhat.com/security/cve/CVE-2025-35036	self
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://www.cve.org/CVERecord?id=CVE-2025-35036	external
https://nvd.nist.gov/vuln/detail/CVE-2025-35036	external
https://docs.jboss.org/hibernate/stable/validator…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://hibernate.atlassian.net/browse/HV-1816	external
https://hibernate.org/validator/documentation/mig…	external
https://in.relation.to/2021/01/06/hibernate-valid…	external
https://labs.watchtowr.com/expression-payloads-me…	external
https://www.cve.org/CVERecord?id=CVE-2020-5245	external
https://www.cve.org/CVERecord?id=CVE-2025-4428	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

TIM S.p.A Claudia Bartolini Marco Ventura Massimiliano Brolli

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10926",
        "url": "https://access.redhat.com/errata/RHSA-2025:10926"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "2320848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "2370118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
      },
      {
        "category": "external",
        "summary": "JBEAP-28676",
        "url": "https://issues.redhat.com/browse/JBEAP-28676"
      },
      {
        "category": "external",
        "summary": "JBEAP-28905",
        "url": "https://issues.redhat.com/browse/JBEAP-28905"
      },
      {
        "category": "external",
        "summary": "JBEAP-29219",
        "url": "https://issues.redhat.com/browse/JBEAP-29219"
      },
      {
        "category": "external",
        "summary": "JBEAP-29440",
        "url": "https://issues.redhat.com/browse/JBEAP-29440"
      },
      {
        "category": "external",
        "summary": "JBEAP-29815",
        "url": "https://issues.redhat.com/browse/JBEAP-29815"
      },
      {
        "category": "external",
        "summary": "JBEAP-29862",
        "url": "https://issues.redhat.com/browse/JBEAP-29862"
      },
      {
        "category": "external",
        "summary": "JBEAP-29866",
        "url": "https://issues.redhat.com/browse/JBEAP-29866"
      },
      {
        "category": "external",
        "summary": "JBEAP-29914",
        "url": "https://issues.redhat.com/browse/JBEAP-29914"
      },
      {
        "category": "external",
        "summary": "JBEAP-29969",
        "url": "https://issues.redhat.com/browse/JBEAP-29969"
      },
      {
        "category": "external",
        "summary": "JBEAP-30031",
        "url": "https://issues.redhat.com/browse/JBEAP-30031"
      },
      {
        "category": "external",
        "summary": "JBEAP-30059",
        "url": "https://issues.redhat.com/browse/JBEAP-30059"
      },
      {
        "category": "external",
        "summary": "JBEAP-30264",
        "url": "https://issues.redhat.com/browse/JBEAP-30264"
      },
      {
        "category": "external",
        "summary": "JBEAP-30359",
        "url": "https://issues.redhat.com/browse/JBEAP-30359"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10926.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
    "tracking": {
      "current_release_date": "2026-06-25T03:59:00+00:00",
      "generator": {
        "date": "2026-06-25T03:59:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2025:10926",
      "initial_release_date": "2025-07-14T15:55:57+00:00",
      "revision_history": [
        {
          "date": "2025-07-14T15:55:57+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-14T15:55:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T03:59:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 9",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 9",
                  "product_id": "9Base-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el9eap?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el9eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el9eap?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                  "product_id": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-5.redhat_00004.1.el9eap?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.26-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-42.Final_redhat_00042.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-42.Final_redhat_00042.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-3.SP2_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10234",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-10-22T01:46:48.739000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2320848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "RHBZ#2320848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
        }
      ],
      "release_date": "2024-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Claudia Bartolini",
            "Marco Ventura",
            "Massimiliano Brolli"
          ],
          "organization": "TIM S.p.A"
        }
      ],
      "cve": "CVE-2025-23366",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-01-14T14:56:40.238000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2337619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has evaluated and the attacker must be authenticated as user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d. This issue requires previous privilege to jeopardize an environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "RHBZ#2337619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366"
        }
      ],
      "release_date": "2025-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting"
    },
    {
      "cve": "CVE-2025-35036",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-06-03T20:00:52.377542+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Hibernate Validator Expression Language Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
          "url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
          "url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
          "url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
          "url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
          "url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
          "url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
          "url": "https://github.com/hibernate/hibernate-validator/pull/1138"
        },
        {
          "category": "external",
          "summary": "https://hibernate.atlassian.net/browse/HV-1816",
          "url": "https://hibernate.atlassian.net/browse/HV-1816"
        },
        {
          "category": "external",
          "summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
          "url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
        },
        {
          "category": "external",
          "summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
          "url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
        },
        {
          "category": "external",
          "summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
          "url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
        }
      ],
      "release_date": "2025-06-03T19:27:42.900000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        },
        {
          "category": "workaround",
          "details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hibernate-validator: Hibernate Validator Expression Language Injection"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10931

Vulnerability from csaf_redhat - Published: 2025-07-14 16:21 - Updated: 2026-06-25 03:58

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036) * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-10234

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7.4.23 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2251

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7.4.23 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7.4.23 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7.4.23 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-35036

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7.4.23 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7.4.23 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix

Threats

Impact Important

References

65 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10931	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://issues.redhat.com/browse/JBEAP-28676	external
https://issues.redhat.com/browse/JBEAP-28905	external
https://issues.redhat.com/browse/JBEAP-29440	external
https://issues.redhat.com/browse/JBEAP-29815	external
https://issues.redhat.com/browse/JBEAP-29862	external
https://issues.redhat.com/browse/JBEAP-29866	external
https://issues.redhat.com/browse/JBEAP-29914	external
https://issues.redhat.com/browse/JBEAP-29969	external
https://issues.redhat.com/browse/JBEAP-30031	external
https://issues.redhat.com/browse/JBEAP-30059	external
https://issues.redhat.com/browse/JBEAP-30264	external
https://issues.redhat.com/browse/JBEAP-30359	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-10234	self
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://www.cve.org/CVERecord?id=CVE-2024-10234	external
https://nvd.nist.gov/vuln/detail/CVE-2024-10234	external
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-35036	self
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://www.cve.org/CVERecord?id=CVE-2025-35036	external
https://nvd.nist.gov/vuln/detail/CVE-2025-35036	external
https://docs.jboss.org/hibernate/stable/validator…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://hibernate.atlassian.net/browse/HV-1816	external
https://hibernate.org/validator/documentation/mig…	external
https://in.relation.to/2021/01/06/hibernate-valid…	external
https://labs.watchtowr.com/expression-payloads-me…	external
https://www.cve.org/CVERecord?id=CVE-2020-5245	external
https://www.cve.org/CVERecord?id=CVE-2025-4428	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10931",
        "url": "https://access.redhat.com/errata/RHSA-2025:10931"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "2320848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "2370118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
      },
      {
        "category": "external",
        "summary": "JBEAP-28676",
        "url": "https://issues.redhat.com/browse/JBEAP-28676"
      },
      {
        "category": "external",
        "summary": "JBEAP-28905",
        "url": "https://issues.redhat.com/browse/JBEAP-28905"
      },
      {
        "category": "external",
        "summary": "JBEAP-29440",
        "url": "https://issues.redhat.com/browse/JBEAP-29440"
      },
      {
        "category": "external",
        "summary": "JBEAP-29815",
        "url": "https://issues.redhat.com/browse/JBEAP-29815"
      },
      {
        "category": "external",
        "summary": "JBEAP-29862",
        "url": "https://issues.redhat.com/browse/JBEAP-29862"
      },
      {
        "category": "external",
        "summary": "JBEAP-29866",
        "url": "https://issues.redhat.com/browse/JBEAP-29866"
      },
      {
        "category": "external",
        "summary": "JBEAP-29914",
        "url": "https://issues.redhat.com/browse/JBEAP-29914"
      },
      {
        "category": "external",
        "summary": "JBEAP-29969",
        "url": "https://issues.redhat.com/browse/JBEAP-29969"
      },
      {
        "category": "external",
        "summary": "JBEAP-30031",
        "url": "https://issues.redhat.com/browse/JBEAP-30031"
      },
      {
        "category": "external",
        "summary": "JBEAP-30059",
        "url": "https://issues.redhat.com/browse/JBEAP-30059"
      },
      {
        "category": "external",
        "summary": "JBEAP-30264",
        "url": "https://issues.redhat.com/browse/JBEAP-30264"
      },
      {
        "category": "external",
        "summary": "JBEAP-30359",
        "url": "https://issues.redhat.com/browse/JBEAP-30359"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10931.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
    "tracking": {
      "current_release_date": "2026-06-25T03:58:59+00:00",
      "generator": {
        "date": "2026-06-25T03:58:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2025:10931",
      "initial_release_date": "2025-07-14T16:21:20+00:00",
      "revision_history": [
        {
          "date": "2025-07-14T16:21:20+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-14T16:21:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-25T03:58:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 7.4.23",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 7.4.23",
                  "product_id": "Red Hat JBoss Enterprise Application Platform 7.4.23",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10234",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-10-22T01:46:48.739000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2320848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7.4.23"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "RHBZ#2320848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
        }
      ],
      "release_date": "2024-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T16:21:20+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7.4.23"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T16:21:20+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7.4.23"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T16:21:20+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7.4.23"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T16:21:20+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "cve": "CVE-2025-35036",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-06-03T20:00:52.377542+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Hibernate Validator Expression Language Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7.4.23"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
          "url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
          "url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
          "url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
          "url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
          "url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
          "url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
          "url": "https://github.com/hibernate/hibernate-validator/pull/1138"
        },
        {
          "category": "external",
          "summary": "https://hibernate.atlassian.net/browse/HV-1816",
          "url": "https://hibernate.atlassian.net/browse/HV-1816"
        },
        {
          "category": "external",
          "summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
          "url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
        },
        {
          "category": "external",
          "summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
          "url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
        },
        {
          "category": "external",
          "summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
          "url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
        }
      ],
      "release_date": "2025-06-03T19:27:42.900000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T16:21:20+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        },
        {
          "category": "workaround",
          "details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hibernate-validator: Hibernate Validator Expression Language Injection"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7.4.23"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T16:21:20+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7.4.23"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

WID-SEC-W-2025-0128

Vulnerability from csaf_certbund - Published: 2025-01-20 23:00 - Updated: 2026-03-23 23:00

Summary

Apache CXF: Schwachstelle ermöglicht Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache CXF ist ein Open Source-Web Service-Framework.

Angriff: Ein Angreifer kann eine Schwachstelle in Apache CXF ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2025-23184

Affected products

Known affected 19 products

Product	Identifier	Version
IBM WebSphere Application Server Liberty IBM / WebSphere Application Server	`cpe:/a:ibm:websphere_application_server:liberty`	Liberty
IBM TXSeries for multiplatforms IBM / TXSeries	`cpe:/a:ibm:txseries:for_multiplatforms`	for multiplatforms
Apache CXF <3.6.5 Apache / CXF		<3.6.5
Apache CXF <3.5.10 Apache / CXF		<3.5.10
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Identity Insight IBM	`cpe:/a:ibm:infosphere_identity_insight:-`	—
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
HCL Commerce <9.0.1.16 HCL / Commerce		<9.0.1.16
Dell Secure Connect Gateway <5.34.00.16 Dell / Secure Connect Gateway		<5.34.00.16
IBM Business Automation Workflow IBM	`cpe:/a:ibm:business_automation_workflow:-`	—
HCL Commerce <9.1.18.2 HCL / Commerce		<9.1.18.2
Red Hat JBoss Enterprise Application Platform <7.4.23 Red Hat / JBoss Enterprise Application Platform		<7.4.23
HCL BigFix Compliance <2.0.14 HCL / BigFix		Compliance <2.0.14
IBM InfoSphere Information Server 11.7 IBM / InfoSphere Information Server	`cpe:/a:ibm:infosphere_information_server:11.7`	11.7
Red Hat JBoss Enterprise Application Platform <8.0.8 Red Hat / JBoss Enterprise Application Platform		<8.0.8
IBM Tivoli Business Service Manager <6.2.0.6 IBM / Tivoli Business Service Manager		<6.2.0.6
RealObjects PDFreactor <12.1 RealObjects / PDFreactor		<12.1
Apache CXF <4.0.6 Apache / CXF		<4.0.6
Red Hat JBoss Enterprise Application Platform Red Hat / JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:-`	—

References

30 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://cxf.apache.org/security-advisories.data/C…	external
https://seclists.org/oss-sec/2025/q1/33	external
https://www.pdfreactor.com/pdfreactor-12-1-now-av…	external
https://www.ibm.com/support/pages/node/7229079	external
https://www.ibm.com/support/pages/node/7229772	external
https://www.ibm.com/support/pages/node/7231036	external
https://www.ibm.com/support/pages/node/7145534	external
https://www.ibm.com/support/pages/node/7230296	external
https://www.ibm.com/support/pages/node/7234093	external
https://www.ibm.com/support/pages/node/7238746	external
https://access.redhat.com/errata/RHSA-2025:10452	external
https://access.redhat.com/errata/RHSA-2025:10453	external
https://access.redhat.com/errata/RHSA-2025:10459	external
https://access.redhat.com/errata/RHSA-2025:10931	external
https://access.redhat.com/errata/RHSA-2025:10924	external
https://access.redhat.com/errata/RHSA-2025:10926	external
https://access.redhat.com/errata/RHSA-2025:10925	external
https://support.hcl-software.com/csm?id=kb_articl…	external
https://www.ibm.com/support/pages/node/7241572	external
https://support.hcl-software.com/community?id=com…	external
https://security.netapp.com/advisory/NTAP-20250214-0003	external
https://access.redhat.com/errata/RHSA-2026:0386	external
https://access.redhat.com/errata/RHSA-2026:0383	external
https://access.redhat.com/errata/RHSA-2026:0384	external
https://access.redhat.com/errata/RHSA-2026:3889	external
https://access.redhat.com/errata/RHSA-2026:3892	external
https://access.redhat.com/errata/RHSA-2026:3891	external
https://www.dell.com/support/kbdoc/de-de/00044324…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache CXF ist ein Open Source-Web Service-Framework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann eine Schwachstelle in Apache CXF ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0128 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0128.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0128 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0128"
      },
      {
        "category": "external",
        "summary": "Apache CXF Security Advisory vom 2025-01-20",
        "url": "https://cxf.apache.org/security-advisories.data/CVE-2025-23184.txt"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2025-01-20",
        "url": "https://seclists.org/oss-sec/2025/q1/33"
      },
      {
        "category": "external",
        "summary": "PDFreactor Releasenotes vom 2025-03-06",
        "url": "https://www.pdfreactor.com/pdfreactor-12-1-now-available/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7229079 vom 2025-03-26",
        "url": "https://www.ibm.com/support/pages/node/7229079"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7229772 vom 2025-04-01",
        "url": "https://www.ibm.com/support/pages/node/7229772"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7231036 vom 2025-04-16",
        "url": "https://www.ibm.com/support/pages/node/7231036"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7230785 vom 2025-05-13",
        "url": "https://www.ibm.com/support/pages/node/7145534"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7230296 vom 2025-05-15",
        "url": "https://www.ibm.com/support/pages/node/7230296"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7234093 vom 2025-05-21",
        "url": "https://www.ibm.com/support/pages/node/7234093"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7238746 vom 2025-07-02",
        "url": "https://www.ibm.com/support/pages/node/7238746"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10452 vom 2025-07-08",
        "url": "https://access.redhat.com/errata/RHSA-2025:10452"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10453 vom 2025-07-07",
        "url": "https://access.redhat.com/errata/RHSA-2025:10453"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10459 vom 2025-07-08",
        "url": "https://access.redhat.com/errata/RHSA-2025:10459"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10931 vom 2025-07-15",
        "url": "https://access.redhat.com/errata/RHSA-2025:10931"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10924 vom 2025-07-14",
        "url": "https://access.redhat.com/errata/RHSA-2025:10924"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10926 vom 2025-07-14",
        "url": "https://access.redhat.com/errata/RHSA-2025:10926"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10925 vom 2025-07-15",
        "url": "https://access.redhat.com/errata/RHSA-2025:10925"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2025-08-05",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0122946"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241572 vom 2025-08-06",
        "url": "https://www.ibm.com/support/pages/node/7241572"
      },
      {
        "category": "external",
        "summary": "HCL Advisory vom 2025-09-11",
        "url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=763857e73bfbe214cb0155f726e45a09"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20250214-0003 vom 2025-09-19",
        "url": "https://security.netapp.com/advisory/NTAP-20250214-0003"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0386 vom 2026-01-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:0386"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0383 vom 2026-01-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:0383"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0384 vom 2026-01-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:0384"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3889 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3889"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3892 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3892"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3891 vom 2026-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:3891"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
        "url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache CXF: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2026-03-23T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-24T10:18:33.003+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-0128",
      "initial_release_date": "2025-01-20T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-20T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-03-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-03-26T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-04-01T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-04-15T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-05-12T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-05-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2025-05-21T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-07-02T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-07-07T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-07-14T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-08-05T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2025-08-06T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-09-11T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-09-21T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von NetApp aufgenommen"
        },
        {
          "date": "2026-01-08T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-03-05T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-03-23T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "18"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.5.10",
                "product": {
                  "name": "Apache CXF \u003c3.5.10",
                  "product_id": "T040418"
                }
              },
              {
                "category": "product_version",
                "name": "3.5.10",
                "product": {
                  "name": "Apache CXF 3.5.10",
                  "product_id": "T040418-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:cxf:3.5.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.6.5",
                "product": {
                  "name": "Apache CXF \u003c3.6.5",
                  "product_id": "T040419"
                }
              },
              {
                "category": "product_version",
                "name": "3.6.5",
                "product": {
                  "name": "Apache CXF 3.6.5",
                  "product_id": "T040419-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:cxf:3.6.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.0.6",
                "product": {
                  "name": "Apache CXF \u003c4.0.6",
                  "product_id": "T040420"
                }
              },
              {
                "category": "product_version",
                "name": "4.0.6",
                "product": {
                  "name": "Apache CXF 4.0.6",
                  "product_id": "T040420-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:cxf:4.0.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CXF"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.34.00.16",
                "product": {
                  "name": "Dell Secure Connect Gateway \u003c5.34.00.16",
                  "product_id": "T052048"
                }
              },
              {
                "category": "product_version",
                "name": "5.34.00.16",
                "product": {
                  "name": "Dell Secure Connect Gateway 5.34.00.16",
                  "product_id": "T052048-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Secure Connect Gateway"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Compliance \u003c2.0.14",
                "product": {
                  "name": "HCL BigFix Compliance \u003c2.0.14",
                  "product_id": "T046948"
                }
              },
              {
                "category": "product_version",
                "name": "Compliance 2.0.14",
                "product": {
                  "name": "HCL BigFix Compliance 2.0.14",
                  "product_id": "T046948-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:bigfix:compliance__2.0.14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BigFix"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.0.1.16",
                "product": {
                  "name": "HCL Commerce \u003c9.0.1.16",
                  "product_id": "T019286"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.1.16",
                "product": {
                  "name": "HCL Commerce 9.0.1.16",
                  "product_id": "T019286-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.0.1.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.18.2",
                "product": {
                  "name": "HCL Commerce \u003c9.1.18.2",
                  "product_id": "T045896"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.18.2",
                "product": {
                  "name": "HCL Commerce 9.1.18.2",
                  "product_id": "T045896-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.1.18.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Commerce"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T043411",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM InfoSphere Identity Insight",
            "product": {
              "name": "IBM InfoSphere Identity Insight",
              "product_id": "T035274",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:infosphere_identity_insight:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.7",
                "product": {
                  "name": "IBM InfoSphere Information Server 11.7",
                  "product_id": "444803",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "InfoSphere Information Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for multiplatforms",
                "product": {
                  "name": "IBM TXSeries for multiplatforms",
                  "product_id": "T036617",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:txseries:for_multiplatforms"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TXSeries"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.2.0.6",
                "product": {
                  "name": "IBM Tivoli Business Service Manager \u003c6.2.0.6",
                  "product_id": "T045011"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.0.6",
                "product": {
                  "name": "IBM Tivoli Business Service Manager 6.2.0.6",
                  "product_id": "T045011-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Business Service Manager"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Liberty",
                "product": {
                  "name": "IBM WebSphere Application Server Liberty",
                  "product_id": "T008337",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:liberty"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Application Server"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp ActiveIQ Unified Manager",
            "product": {
              "name": "NetApp ActiveIQ Unified Manager",
              "product_id": "T016960",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.1",
                "product": {
                  "name": "RealObjects PDFreactor \u003c12.1",
                  "product_id": "T041643"
                }
              },
              {
                "category": "product_version",
                "name": "12.1",
                "product": {
                  "name": "RealObjects PDFreactor 12.1",
                  "product_id": "T041643-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:realobjects:pdfreactor:12.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PDFreactor"
          }
        ],
        "category": "vendor",
        "name": "RealObjects"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform",
                  "product_id": "T003085",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.0.8",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform \u003c8.0.8",
                  "product_id": "T045085"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.8",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 8.0.8",
                  "product_id": "T045085-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.4.23",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.23",
                  "product_id": "T045348"
                }
              },
              {
                "category": "product_version",
                "name": "7.4.23",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 7.4.23",
                  "product_id": "T045348-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4.23"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-23184",
      "product_status": {
        "known_affected": [
          "T008337",
          "T036617",
          "T040419",
          "T040418",
          "67646",
          "T035274",
          "T016960",
          "T019286",
          "T052048",
          "T043411",
          "T045896",
          "T045348",
          "T046948",
          "444803",
          "T045085",
          "T045011",
          "T041643",
          "T040420",
          "T003085"
        ]
      },
      "release_date": "2025-01-20T23:00:00.000+00:00",
      "title": "CVE-2025-23184"
    }
  ]
}

WID-SEC-W-2025-0818

Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2020-13936

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2020-25649

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2023-26464

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-11053

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-11612

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-25710

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-28168

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-29857

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-38476

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-40896

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-47072

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-47554

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-47561

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-50602

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-52046

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-56337

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-7254

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2024-9143

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-23184

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-24970

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

CVE-2025-27363

Affected products

Known affected 4 products

Product	Identifier	Version
Oracle Fusion Middleware 14.1.2.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.2.0.0`	14.1.2.0.0
Oracle Fusion Middleware 12.2.1.4.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:12.2.1.4.0`	12.2.1.4.0
Oracle Fusion Middleware 8.5.7 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:8.5.7`	8.5.7
Oracle Fusion Middleware 14.1.1.0.0 Oracle / Fusion Middleware	`cpe:/a:oracle:fusion_middleware:14.1.1.0.0`	14.1.1.0.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2025…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0818 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0818.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0818 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0818"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Fusion Middleware vom 2025-04-15",
        "url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixFMW"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-16T09:16:22.604+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0818",
      "initial_release_date": "2025-04-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5.7",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.7",
                  "product_id": "T034057",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.2.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.2.0.0",
                  "product_id": "T040467",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.2.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13936",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2020-13936"
    },
    {
      "cve": "CVE-2020-25649",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2020-25649"
    },
    {
      "cve": "CVE-2023-26464",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2023-26464"
    },
    {
      "cve": "CVE-2024-11053",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-11053"
    },
    {
      "cve": "CVE-2024-11612",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-11612"
    },
    {
      "cve": "CVE-2024-25710",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-25710"
    },
    {
      "cve": "CVE-2024-28168",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-28168"
    },
    {
      "cve": "CVE-2024-29857",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-29857"
    },
    {
      "cve": "CVE-2024-38476",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-38476"
    },
    {
      "cve": "CVE-2024-40896",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-40896"
    },
    {
      "cve": "CVE-2024-47072",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47072"
    },
    {
      "cve": "CVE-2024-47554",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-47561",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47561"
    },
    {
      "cve": "CVE-2024-50602",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-50602"
    },
    {
      "cve": "CVE-2024-52046",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-52046"
    },
    {
      "cve": "CVE-2024-56337",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-56337"
    },
    {
      "cve": "CVE-2024-7254",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-9143",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-9143"
    },
    {
      "cve": "CVE-2025-23184",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-23184"
    },
    {
      "cve": "CVE-2025-24970",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-24970"
    },
    {
      "cve": "CVE-2025-27363",
      "product_status": {
        "known_affected": [
          "T040467",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-27363"
    }
  ]
}

WID-SEC-W-2025-0819

Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00

Summary

Oracle Financial Services Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2021-28170

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-39410

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2023-49582

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-28168

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-28219

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-35195

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-37891

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-38819

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-38820

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-38827

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-47072

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-47554

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-5206

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-56128

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-56337

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2024-57699

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2025-21573

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2025-23184

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

CVE-2025-24970

Affected products

Known affected 18 products

Product	Identifier	Version
Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0`	2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Applications 6.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:6.1.0.0.0`	6.1.0.0.0
Oracle Financial Services Applications 8.1.2.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.7.0`	8.1.2.7.0
Oracle Financial Services Applications 8.1.1.4 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.1.4`	8.1.1.4
Oracle Financial Services Applications 8.0.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8`	8.0.8
Oracle Financial Services Applications 8.0.8.1 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.1`	8.0.8.1
Oracle Financial Services Applications 8.1.2.5 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.5`	8.1.2.5
Oracle Financial Services Applications 5.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:5.1.0.0.0`	5.1.0.0.0
Oracle Financial Services Applications 8.1.2.9 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.9`	8.1.2.9
Oracle Financial Services Applications 8.1.2.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.1.2.8`	8.1.2.8
Oracle Financial Services Applications 14.7.0.7.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.7.0`	14.7.0.7.0
Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:14.7.0.0.0`	14.5.0.0.0-14.7.0.0.0
Oracle Financial Services Applications 22.2.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.2.0.0.0`	22.2.0.0.0
Oracle Financial Services Applications 8.0.8.6 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.8.6`	8.0.8.6
Oracle Financial Services Applications 8.0.7.8 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:8.0.7.8`	8.0.7.8
Oracle Financial Services Applications 21.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:21.1.0.0.0`	21.1.0.0.0
Oracle Financial Services Applications 7.0.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:7.0.0.0.0`	7.0.0.0.0
Oracle Financial Services Applications 22.1.0.0.0 Oracle / Financial Services Applications	`cpe:/a:oracle:financial_services_applications:22.1.0.0.0`	22.1.0.0.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2025…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Financial Services ist eine Zusammenstellung  von Anwendungen f\u00fcr den Finanzsektor und eine Technologiebasis zur Erf\u00fcllung von IT- und Gesch\u00e4ftsanforderungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0819 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0819.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0819 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0819"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Financial Services Applications vom 2025-04-15",
        "url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixIFLX"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Financial Services Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-16T09:16:23.001+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0819",
      "initial_release_date": "2025-04-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.0.8",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8",
                  "product_id": "T021677",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.8.1",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.1",
                  "product_id": "T022844",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 21.1.0.0.0",
                  "product_id": "T028695",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:21.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 22.1.0.0.0",
                  "product_id": "T028696",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:22.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.2.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 22.2.0.0.0",
                  "product_id": "T028697",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:22.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.5.0.0.0-14.7.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.5.0.0.0-14.7.0.0.0",
                  "product_id": "T028702",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.2.5",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.5",
                  "product_id": "T028706",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 6.1.0.0.0",
                  "product_id": "T036223",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:6.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.2.8",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.8",
                  "product_id": "T038392",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.0.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 7.0.0.0.0",
                  "product_id": "T040463",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:7.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.7.8",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.7.8",
                  "product_id": "T040464",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.7.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.8.6",
                "product": {
                  "name": "Oracle Financial Services Applications 8.0.8.6",
                  "product_id": "T040465",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.0.8.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.9.0.0.0-7.0.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 2.9.0.0.0-7.0.0.0.0",
                  "product_id": "T040516",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:2.9.0.0.0_-_7.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.2.7.0",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.7.0",
                  "product_id": "T042808",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.7.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.1.4",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.1.4",
                  "product_id": "T042809",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.1.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.1.0.0.0",
                "product": {
                  "name": "Oracle Financial Services Applications 5.1.0.0.0",
                  "product_id": "T042810",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:5.1.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.2.9",
                "product": {
                  "name": "Oracle Financial Services Applications 8.1.2.9",
                  "product_id": "T042811",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:8.1.2.9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.7.0.7.0",
                "product": {
                  "name": "Oracle Financial Services Applications 14.7.0.7.0",
                  "product_id": "T042812",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:financial_services_applications:14.7.0.7.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Financial Services Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-28170",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2021-28170"
    },
    {
      "cve": "CVE-2023-39410",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2023-39410"
    },
    {
      "cve": "CVE-2023-49582",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2023-49582"
    },
    {
      "cve": "CVE-2024-28168",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-28168"
    },
    {
      "cve": "CVE-2024-28219",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-28219"
    },
    {
      "cve": "CVE-2024-35195",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-35195"
    },
    {
      "cve": "CVE-2024-37891",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-37891"
    },
    {
      "cve": "CVE-2024-38819",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-38819"
    },
    {
      "cve": "CVE-2024-38820",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-38820"
    },
    {
      "cve": "CVE-2024-38827",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-38827"
    },
    {
      "cve": "CVE-2024-47072",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47072"
    },
    {
      "cve": "CVE-2024-47554",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-5206",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-5206"
    },
    {
      "cve": "CVE-2024-56128",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-56128"
    },
    {
      "cve": "CVE-2024-56337",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-56337"
    },
    {
      "cve": "CVE-2024-57699",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2025-21573",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-21573"
    },
    {
      "cve": "CVE-2025-23184",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-23184"
    },
    {
      "cve": "CVE-2025-24970",
      "product_status": {
        "known_affected": [
          "T040516",
          "T036223",
          "T042808",
          "T042809",
          "T021677",
          "T022844",
          "T028706",
          "T042810",
          "T042811",
          "T038392",
          "T042812",
          "T028702",
          "T028697",
          "T040465",
          "T040464",
          "T028695",
          "T040463",
          "T028696"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-24970"
    }
  ]
}

WID-SEC-W-2025-0822

Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-04-15 22:00

Summary

Oracle Construction and Engineering: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Construction and Engineering ist eine Sammlung von Werkzeugen zur Unterstützung von Bau- und Ingenieurbüros. Sie umfasst u. a. Projektmanagement-Lösungen zur Verwaltung von Projekte, zur Schaffung von Transparenz, zur Zusammenarbeit und zur Verwaltung von Änderungen.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Construction and Engineering ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2024-38819

Affected products

Last affected 9 products

Product	Identifier	Version	Remediation
Oracle Construction and Engineering <=20.12.17 Oracle / Construction and Engineering		<=20.12.17
Oracle Construction and Engineering <=23.12.13 Oracle / Construction and Engineering		<=23.12.13
Oracle Construction and Engineering <=21.12.17 Oracle / Construction and Engineering		<=21.12.17
Oracle Construction and Engineering <=24.12.3 Oracle / Construction and Engineering		<=24.12.3
Oracle Construction and Engineering <=20.12.16 Oracle / Construction and Engineering		<=20.12.16
Oracle Construction and Engineering <=21.12.15 Oracle / Construction and Engineering		<=21.12.15
Oracle Construction and Engineering <=22.12.18 Oracle / Construction and Engineering		<=22.12.18
Oracle Construction and Engineering <=24.12.2 Oracle / Construction and Engineering		<=24.12.2
Oracle Construction and Engineering <=22.12.15 Oracle / Construction and Engineering		<=22.12.15

CVE-2024-47554

Affected products

Last affected 9 products

Product	Identifier	Version	Remediation
Oracle Construction and Engineering <=20.12.17 Oracle / Construction and Engineering		<=20.12.17
Oracle Construction and Engineering <=23.12.13 Oracle / Construction and Engineering		<=23.12.13
Oracle Construction and Engineering <=21.12.17 Oracle / Construction and Engineering		<=21.12.17
Oracle Construction and Engineering <=24.12.3 Oracle / Construction and Engineering		<=24.12.3
Oracle Construction and Engineering <=20.12.16 Oracle / Construction and Engineering		<=20.12.16
Oracle Construction and Engineering <=21.12.15 Oracle / Construction and Engineering		<=21.12.15
Oracle Construction and Engineering <=22.12.18 Oracle / Construction and Engineering		<=22.12.18
Oracle Construction and Engineering <=24.12.2 Oracle / Construction and Engineering		<=24.12.2
Oracle Construction and Engineering <=22.12.15 Oracle / Construction and Engineering		<=22.12.15

CVE-2024-49771

Affected products

Last affected 9 products

Product	Identifier	Version	Remediation
Oracle Construction and Engineering <=20.12.17 Oracle / Construction and Engineering		<=20.12.17
Oracle Construction and Engineering <=23.12.13 Oracle / Construction and Engineering		<=23.12.13
Oracle Construction and Engineering <=21.12.17 Oracle / Construction and Engineering		<=21.12.17
Oracle Construction and Engineering <=24.12.3 Oracle / Construction and Engineering		<=24.12.3
Oracle Construction and Engineering <=20.12.16 Oracle / Construction and Engineering		<=20.12.16
Oracle Construction and Engineering <=21.12.15 Oracle / Construction and Engineering		<=21.12.15
Oracle Construction and Engineering <=22.12.18 Oracle / Construction and Engineering		<=22.12.18
Oracle Construction and Engineering <=24.12.2 Oracle / Construction and Engineering		<=24.12.2
Oracle Construction and Engineering <=22.12.15 Oracle / Construction and Engineering		<=22.12.15

CVE-2024-57699

Affected products

Last affected 9 products

Product	Identifier	Version	Remediation
Oracle Construction and Engineering <=20.12.17 Oracle / Construction and Engineering		<=20.12.17
Oracle Construction and Engineering <=23.12.13 Oracle / Construction and Engineering		<=23.12.13
Oracle Construction and Engineering <=21.12.17 Oracle / Construction and Engineering		<=21.12.17
Oracle Construction and Engineering <=24.12.3 Oracle / Construction and Engineering		<=24.12.3
Oracle Construction and Engineering <=20.12.16 Oracle / Construction and Engineering		<=20.12.16
Oracle Construction and Engineering <=21.12.15 Oracle / Construction and Engineering		<=21.12.15
Oracle Construction and Engineering <=22.12.18 Oracle / Construction and Engineering		<=22.12.18
Oracle Construction and Engineering <=24.12.2 Oracle / Construction and Engineering		<=24.12.2
Oracle Construction and Engineering <=22.12.15 Oracle / Construction and Engineering		<=22.12.15

CVE-2024-7254

Affected products

Last affected 9 products

Product	Identifier	Version	Remediation
Oracle Construction and Engineering <=20.12.17 Oracle / Construction and Engineering		<=20.12.17
Oracle Construction and Engineering <=23.12.13 Oracle / Construction and Engineering		<=23.12.13
Oracle Construction and Engineering <=21.12.17 Oracle / Construction and Engineering		<=21.12.17
Oracle Construction and Engineering <=24.12.3 Oracle / Construction and Engineering		<=24.12.3
Oracle Construction and Engineering <=20.12.16 Oracle / Construction and Engineering		<=20.12.16
Oracle Construction and Engineering <=21.12.15 Oracle / Construction and Engineering		<=21.12.15
Oracle Construction and Engineering <=22.12.18 Oracle / Construction and Engineering		<=22.12.18
Oracle Construction and Engineering <=24.12.2 Oracle / Construction and Engineering		<=24.12.2
Oracle Construction and Engineering <=22.12.15 Oracle / Construction and Engineering		<=22.12.15

CVE-2025-23184

Affected products

Last affected 9 products

Product	Identifier	Version	Remediation
Oracle Construction and Engineering <=20.12.17 Oracle / Construction and Engineering		<=20.12.17
Oracle Construction and Engineering <=23.12.13 Oracle / Construction and Engineering		<=23.12.13
Oracle Construction and Engineering <=21.12.17 Oracle / Construction and Engineering		<=21.12.17
Oracle Construction and Engineering <=24.12.3 Oracle / Construction and Engineering		<=24.12.3
Oracle Construction and Engineering <=20.12.16 Oracle / Construction and Engineering		<=20.12.16
Oracle Construction and Engineering <=21.12.15 Oracle / Construction and Engineering		<=21.12.15
Oracle Construction and Engineering <=22.12.18 Oracle / Construction and Engineering		<=22.12.18
Oracle Construction and Engineering <=24.12.2 Oracle / Construction and Engineering		<=24.12.2
Oracle Construction and Engineering <=22.12.15 Oracle / Construction and Engineering		<=22.12.15

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2025…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Construction and Engineering ist eine Sammlung von Werkzeugen zur Unterst\u00fctzung von Bau- und Ingenieurb\u00fcros. Sie umfasst u. a. Projektmanagement-L\u00f6sungen zur Verwaltung von Projekte, zur Schaffung von Transparenz, zur Zusammenarbeit  und zur Verwaltung von \u00c4nderungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Construction and Engineering ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0822 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0822.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0822 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0822"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Construction and Engineering vom 2025-04-15",
        "url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixPVA"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Construction and Engineering: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-16T09:16:23.920+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0822",
      "initial_release_date": "2025-04-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=20.12.16",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=20.12.16",
                  "product_id": "T027346"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=20.12.16",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=20.12.16",
                  "product_id": "T027346-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=21.12.15",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=21.12.15",
                  "product_id": "T028688"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=21.12.15",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=21.12.15",
                  "product_id": "T028688-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=21.12.17",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=21.12.17",
                  "product_id": "T032097"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=21.12.17",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=21.12.17",
                  "product_id": "T032097-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=22.12.15",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=22.12.15",
                  "product_id": "T040454"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=22.12.15",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=22.12.15",
                  "product_id": "T040454-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=20.12.17",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=20.12.17",
                  "product_id": "T042801"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=20.12.17",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=20.12.17",
                  "product_id": "T042801-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=23.12.13",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=23.12.13",
                  "product_id": "T042802"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=23.12.13",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=23.12.13",
                  "product_id": "T042802-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.12.3",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=24.12.3",
                  "product_id": "T042803"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.12.3",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=24.12.3",
                  "product_id": "T042803-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=22.12.18",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=22.12.18",
                  "product_id": "T042804"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=22.12.18",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=22.12.18",
                  "product_id": "T042804-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.12.2",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=24.12.2",
                  "product_id": "T042805"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.12.2",
                "product": {
                  "name": "Oracle Construction and Engineering \u003c=24.12.2",
                  "product_id": "T042805-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "Construction and Engineering"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-38819",
      "product_status": {
        "last_affected": [
          "T042801",
          "T042802",
          "T032097",
          "T042803",
          "T027346",
          "T028688",
          "T042804",
          "T042805",
          "T040454"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-38819"
    },
    {
      "cve": "CVE-2024-47554",
      "product_status": {
        "last_affected": [
          "T042801",
          "T042802",
          "T032097",
          "T042803",
          "T027346",
          "T028688",
          "T042804",
          "T042805",
          "T040454"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-49771",
      "product_status": {
        "last_affected": [
          "T042801",
          "T042802",
          "T032097",
          "T042803",
          "T027346",
          "T028688",
          "T042804",
          "T042805",
          "T040454"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-49771"
    },
    {
      "cve": "CVE-2024-57699",
      "product_status": {
        "last_affected": [
          "T042801",
          "T042802",
          "T032097",
          "T042803",
          "T027346",
          "T028688",
          "T042804",
          "T042805",
          "T040454"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2024-7254",
      "product_status": {
        "last_affected": [
          "T042801",
          "T042802",
          "T032097",
          "T042803",
          "T027346",
          "T028688",
          "T042804",
          "T042805",
          "T040454"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2025-23184",
      "product_status": {
        "last_affected": [
          "T042801",
          "T042802",
          "T032097",
          "T042803",
          "T027346",
          "T028688",
          "T042804",
          "T042805",
          "T040454"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-23184"
    }
  ]
}

WID-SEC-W-2025-0823

Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-06-03 22:00

Summary

Oracle Communications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2023-49582

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2023-51074

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2023-5388

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2023-5685

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-1135

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-12797

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-21538

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-25638

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-28168

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-28219

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-28834

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-34064

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-35195

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-37891

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-38819

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-38827

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-40896

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-4227

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-43044

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-47072

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-47554

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-49767

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-50602

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-52046

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-52303

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-5535

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-56128

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-56337

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-57699

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-6763

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2024-7254

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2025-1974

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2025-23184

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2025-24813

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2025-24928

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2025-24970

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2025-27516

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2025-27789

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

CVE-2025-31721

Affected products

Known affected 24 products

Product	Identifier	Version
Oracle Communications 9.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0`	9.0.0
Oracle Communications 9.0.2 Oracle / Communications	`cpe:/a:oracle:communications:9.0.2`	9.0.2
Oracle Communications 9.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:9.0.0.0`	9.0.0.0
Oracle Communications 4.1.0 Oracle / Communications	`cpe:/a:oracle:communications:4.1.0`	4.1.0
Oracle Communications 4.2.0 Oracle / Communications	`cpe:/a:oracle:communications:4.2.0`	4.2.0
Oracle Communications 9.2.0 Oracle / Communications	`cpe:/a:oracle:communications:9.2.0`	9.2.0
Oracle Communications 24.2.3 Oracle / Communications	`cpe:/a:oracle:communications:24.2.3`	24.2.3
Oracle Communications 9.3.0 Oracle / Communications	`cpe:/a:oracle:communications:9.3.0`	9.3.0
Oracle Communications 46.6 Oracle / Communications	`cpe:/a:oracle:communications:46.6`	46.6
Oracle Communications 24.2.0 Oracle / Communications	`cpe:/a:oracle:communications:24.2.0`	24.2.0
Oracle Communications 5.2 Oracle / Communications	`cpe:/a:oracle:communications:5.2`	5.2
Oracle Communications 24.1.0 Oracle / Communications	`cpe:/a:oracle:communications:24.1.0`	24.1.0
Oracle Communications 25.1.100 Oracle / Communications	`cpe:/a:oracle:communications:25.1.100`	25.1.100
Oracle Communications 10.0.0 Oracle / Communications	`cpe:/a:oracle:communications:10.0.0`	10.0.0
Oracle Communications 15.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0`	15.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Oracle Communications 15.0.1 Oracle / Communications	`cpe:/a:oracle:communications:15.0.1`	15.0.1
Oracle Communications 15.0.2 Oracle / Communications	`cpe:/a:oracle:communications:15.0.2`	15.0.2
Oracle Communications 15.0.0.0.0 Oracle / Communications	`cpe:/a:oracle:communications:15.0.0.0.0`	15.0.0.0.0
Oracle Communications 14.0.0 Oracle / Communications	`cpe:/a:oracle:communications:14.0.0`	14.0.0
Oracle Communications 9.1.1.9 Oracle / Communications	`cpe:/a:oracle:communications:9.1.1.9`	9.1.1.9
Oracle Communications 22.4.0 Oracle / Communications	`cpe:/a:oracle:communications:22.4.0`	22.4.0
Oracle Communications 9.0.1 Oracle / Communications	`cpe:/a:oracle:communications:9.0.1`	9.0.1
Oracle Communications 24.2.5 Oracle / Communications	`cpe:/a:oracle:communications:24.2.5`	24.2.5

Last affected 5 products

Product	Identifier	Version	Remediation
Oracle Communications <=24.2.4 Oracle / Communications		<=24.2.4
Oracle Communications <=23.4.0 Oracle / Communications		<=23.4.0
Oracle Communications <=24.3.0 Oracle / Communications		<=24.3.0
Oracle Communications <=24.2.2 Oracle / Communications		<=24.2.2
Oracle Communications <=9.0.3 Oracle / Communications		<=9.0.3

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpuapr2025…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0823 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0823.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0823 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0823"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2025 - Appendix Oracle Communications vom 2025-04-15",
        "url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixCGBU"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20254-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021063.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-03T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-04T09:28:41.594+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0823",
      "initial_release_date": "2025-04-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-06-03T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "46.6",
                "product": {
                  "name": "Oracle Communications 46.6",
                  "product_id": "T022826",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:46.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "22.4.0",
                "product": {
                  "name": "Oracle Communications 22.4.0",
                  "product_id": "T024981",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:22.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.0.0",
                "product": {
                  "name": "Oracle Communications 9.0.0",
                  "product_id": "T027330",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.0.1",
                "product": {
                  "name": "Oracle Communications 9.0.1",
                  "product_id": "T027331",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.0.0.0",
                "product": {
                  "name": "Oracle Communications 9.0.0.0",
                  "product_id": "T030589",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.0.2",
                "product": {
                  "name": "Oracle Communications 9.0.2",
                  "product_id": "T030595",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.0.0.0",
                "product": {
                  "name": "Oracle Communications 15.0.0.0.0",
                  "product_id": "T032090",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.0.0.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=23.4.0",
                "product": {
                  "name": "Oracle Communications \u003c=23.4.0",
                  "product_id": "T032091"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=23.4.0",
                "product": {
                  "name": "Oracle Communications \u003c=23.4.0",
                  "product_id": "T032091-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "24.1.0",
                "product": {
                  "name": "Oracle Communications 24.1.0",
                  "product_id": "T034145",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:24.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.2",
                "product": {
                  "name": "Oracle Communications 5.2",
                  "product_id": "T034146",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:5.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.2.0",
                "product": {
                  "name": "Oracle Communications 24.2.0",
                  "product_id": "T036197",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:24.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.1.0",
                "product": {
                  "name": "Oracle Communications 4.1.0",
                  "product_id": "T036205",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:4.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.2.0",
                "product": {
                  "name": "Oracle Communications 4.2.0",
                  "product_id": "T036206",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:4.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.2.0",
                "product": {
                  "name": "Oracle Communications 9.2.0",
                  "product_id": "T036207",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.3.0",
                "product": {
                  "name": "Oracle Communications 9.3.0",
                  "product_id": "T036208",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.3.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=9.0.3",
                "product": {
                  "name": "Oracle Communications \u003c=9.0.3",
                  "product_id": "T036210"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=9.0.3",
                "product": {
                  "name": "Oracle Communications \u003c=9.0.3",
                  "product_id": "T036210-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.2.2",
                "product": {
                  "name": "Oracle Communications \u003c=24.2.2",
                  "product_id": "T038379"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.2.2",
                "product": {
                  "name": "Oracle Communications \u003c=24.2.2",
                  "product_id": "T038379-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.1.9",
                "product": {
                  "name": "Oracle Communications 9.1.1.9",
                  "product_id": "T040447",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:9.1.1.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.3.0",
                "product": {
                  "name": "Oracle Communications \u003c=24.3.0",
                  "product_id": "T040448"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.3.0",
                "product": {
                  "name": "Oracle Communications \u003c=24.3.0",
                  "product_id": "T040448-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "24.2.3",
                "product": {
                  "name": "Oracle Communications 24.2.3",
                  "product_id": "T040449",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:24.2.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.2.5",
                "product": {
                  "name": "Oracle Communications 24.2.5",
                  "product_id": "T042793",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:24.2.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.1.100",
                "product": {
                  "name": "Oracle Communications 25.1.100",
                  "product_id": "T042794",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:25.1.100"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.0.0",
                "product": {
                  "name": "Oracle Communications 10.0.0",
                  "product_id": "T042795",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:10.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.2.4",
                "product": {
                  "name": "Oracle Communications \u003c=24.2.4",
                  "product_id": "T042796"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=24.2.4",
                "product": {
                  "name": "Oracle Communications \u003c=24.2.4",
                  "product_id": "T042796-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "15.0.0",
                "product": {
                  "name": "Oracle Communications 15.0.0",
                  "product_id": "T042797",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.1",
                "product": {
                  "name": "Oracle Communications 15.0.1",
                  "product_id": "T042798",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.0.2",
                "product": {
                  "name": "Oracle Communications 15.0.2",
                  "product_id": "T042799",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:15.0.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.0.0",
                "product": {
                  "name": "Oracle Communications 14.0.0",
                  "product_id": "T042800",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications:14.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-49582",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2023-49582"
    },
    {
      "cve": "CVE-2023-51074",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2023-51074"
    },
    {
      "cve": "CVE-2023-5388",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2023-5388"
    },
    {
      "cve": "CVE-2023-5685",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2023-5685"
    },
    {
      "cve": "CVE-2024-1135",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-1135"
    },
    {
      "cve": "CVE-2024-12797",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-12797"
    },
    {
      "cve": "CVE-2024-21538",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-21538"
    },
    {
      "cve": "CVE-2024-25638",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-25638"
    },
    {
      "cve": "CVE-2024-28168",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-28168"
    },
    {
      "cve": "CVE-2024-28219",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-28219"
    },
    {
      "cve": "CVE-2024-28834",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-28834"
    },
    {
      "cve": "CVE-2024-34064",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-34064"
    },
    {
      "cve": "CVE-2024-35195",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-35195"
    },
    {
      "cve": "CVE-2024-37891",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-37891"
    },
    {
      "cve": "CVE-2024-38819",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-38819"
    },
    {
      "cve": "CVE-2024-38827",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-38827"
    },
    {
      "cve": "CVE-2024-40896",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-40896"
    },
    {
      "cve": "CVE-2024-4227",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-4227"
    },
    {
      "cve": "CVE-2024-43044",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-43044"
    },
    {
      "cve": "CVE-2024-47072",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47072"
    },
    {
      "cve": "CVE-2024-47554",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-49767",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-49767"
    },
    {
      "cve": "CVE-2024-50602",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-50602"
    },
    {
      "cve": "CVE-2024-52046",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-52046"
    },
    {
      "cve": "CVE-2024-52303",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-52303"
    },
    {
      "cve": "CVE-2024-5535",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-5535"
    },
    {
      "cve": "CVE-2024-56128",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-56128"
    },
    {
      "cve": "CVE-2024-56337",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-56337"
    },
    {
      "cve": "CVE-2024-57699",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2024-6763",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-6763"
    },
    {
      "cve": "CVE-2024-7254",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2025-1974",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-1974"
    },
    {
      "cve": "CVE-2025-23184",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-23184"
    },
    {
      "cve": "CVE-2025-24813",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-24813"
    },
    {
      "cve": "CVE-2025-24928",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-24928"
    },
    {
      "cve": "CVE-2025-24970",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-24970"
    },
    {
      "cve": "CVE-2025-27516",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-27516"
    },
    {
      "cve": "CVE-2025-27789",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-27789"
    },
    {
      "cve": "CVE-2025-31721",
      "product_status": {
        "known_affected": [
          "T027330",
          "T030595",
          "T030589",
          "T036205",
          "T036206",
          "T036207",
          "T040449",
          "T036208",
          "T022826",
          "T036197",
          "T034146",
          "T034145",
          "T042794",
          "T042795",
          "T042797",
          "T002207",
          "T042798",
          "T042799",
          "T032090",
          "T042800",
          "T040447",
          "T024981",
          "T027331",
          "T042793"
        ],
        "last_affected": [
          "T042796",
          "T032091",
          "T040448",
          "T038379",
          "T036210"
        ]
      },
      "release_date": "2025-04-15T22:00:00.000+00:00",
      "title": "CVE-2025-31721"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-23184 (GCVE-0-2025-23184)

Tags

Sightings

Nomenclature