Vulnerability-Lookup

CVE-2025-48734 (GCVE-0-2025-48734)

Vulnerability from cvelistv5 – Published: 2025-05-28 13:32 – Updated: 2026-04-29 03:55

Title

Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Summary

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-284 - Improper Access Control

Assigner

apache

References

3 references

URL	Tags
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	vendor-advisory
http://www.openwall.com/lists/oss-security/2025/05/28/6
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
Apache Software Foundation	Apache Commons BeanUtils 1.x	Affected: 1.0 , < 1.11.0 (maven)
Apache Software Foundation	Apache Commons BeanUtils 2.x	Affected: 2.0.0-M1 , < 2.0.0-M2 (maven)

Credits

Raj (mailto:denesh.raj@zohocorp.com) Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48734",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T03:55:27.335Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:04:56.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/28/6"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "commons-beanutils:commons-beanutils",
          "product": "Apache Commons BeanUtils 1.x",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.11.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-beanutils2",
          "product": "Apache Commons BeanUtils 2.x",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.0.0-M2",
              "status": "affected",
              "version": "2.0.0-M1",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Raj (mailto:denesh.raj@zohocorp.com)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Access Control vulnerability in Apache Commons.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003eReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\u003cbr\u003eStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\u003cp\u003e\u003c/p\u003eThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.\u003cp\u003eUsers of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\u003c/p\u003e\u003cp\u003e\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Improper Access Control vulnerability in Apache Commons.\n\n\n\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\n\n\n\n\n\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\n\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\n\n\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T13:32:08.300Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48734",
    "datePublished": "2025-05-28T13:32:08.300Z",
    "dateReserved": "2025-05-23T12:30:32.006Z",
    "dateUpdated": "2026-04-29T03:55:27.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-48734",
      "date": "2026-06-10",
      "epss": "0.00258",
      "percentile": "0.49518"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48734\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-05-28T14:15:34.070\",\"lastModified\":\"2025-11-03T20:19:07.317\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Access Control vulnerability in Apache Commons.\\n\\n\\n\\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\\n\\n\\n\\n\\n\\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\\n\\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\\n\\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\\n\\n\\nUsers of the artifact org.apache.commons:commons-beanutils2\\n\\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de control de acceso inadecuado en Apache Commons. Se a\u00f1adi\u00f3 una clase especial BeanIntrospector en la versi\u00f3n 1.9.2. Esta permite impedir que los atacantes utilicen la propiedad de clase declarada de los objetos de enumeraci\u00f3n de Java para acceder al cargador de clases. Sin embargo, esta protecci\u00f3n no estaba habilitada por defecto. PropertyUtilsBean (y, en consecuencia, BeanUtilsBean) ahora impide el acceso a las propiedades de clase declaradas por defecto. Las versiones 1.11.0 y 2.0.0-M2 solucionan un posible problema de seguridad al acceder a las propiedades de enumeraci\u00f3n de forma incontrolada. Si una aplicaci\u00f3n que utiliza Commons BeanUtils pasa rutas de propiedades desde una fuente externa directamente al m\u00e9todo getProperty() de PropertyUtilsBean, un atacante puede acceder al cargador de clases de la enumeraci\u00f3n mediante la propiedad \\\"declaredClass\\\", disponible en todos los objetos \\\"enum\\\" de Java. Acceder a la propiedad \\\"declaredClass\\\" de la enumeraci\u00f3n permite a atacantes remotos acceder al cargador de clases y ejecutar c\u00f3digo arbitrario. El mismo problema existe con PropertyUtilsBean.getNestedProperty(). A partir de las versiones 1.11.0 y 2.0.0-M2, un BeanIntrospector especial suprime la propiedad \\\"declaredClass\\\". Tenga en cuenta que este nuevo BeanIntrospector est\u00e1 habilitado por defecto, pero puede deshabilitarlo para recuperar el comportamiento anterior; consulte la secci\u00f3n 2.5 de la gu\u00eda del usuario y las pruebas unitarias. Este problema afecta a Apache Commons BeanUtils 1.x anterior a la 1.11.0 y a las versiones 2.x anterior a la 2.0.0-M2. Se recomienda a los usuarios del artefacto commons-beanutils:commons-beanutils 1.x actualizar a la versi\u00f3n 1.11.0, que soluciona el problema. Se recomienda a los usuarios del artefacto org.apache.commons:commons-beanutils2 2.x actualizar a la versi\u00f3n 2.0.0-M2, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndExcluding\":\"1.11.0\",\"matchCriteriaId\":\"3ABE6272-1A82-437E-8153-DE129760FD51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_beanutils:2.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D211BECE-15F4-4685-8B8C-BB6221A2CC83\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/05/28/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/05/28/6\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:04:56.273Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48734\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-24T03:55:16.159076Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-28T14:01:12.288Z\"}}], \"cna\": {\"title\": \"Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Raj (mailto:denesh.raj@zohocorp.com)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons BeanUtils 1.x\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"1.11.0\", \"versionType\": \"maven\"}], \"packageName\": \"commons-beanutils:commons-beanutils\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons BeanUtils 2.x\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0-M1\", \"lessThan\": \"2.0.0-M2\", \"versionType\": \"maven\"}], \"packageName\": \"org.apache.commons:commons-beanutils2\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Access Control vulnerability in Apache Commons.\\n\\n\\n\\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\\n\\n\\n\\n\\n\\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\\u2019s class loader via the \\u201cdeclaredClass\\u201d property available on all Java \\u201cenum\\u201d objects. Accessing the enum\\u2019s \\u201cdeclaredClass\\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \\u201cdeclaredClass\\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\\n\\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\\n\\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\\n\\n\\nUsers of the artifact org.apache.commons:commons-beanutils2\\n\\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Access Control vulnerability in Apache Commons.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003eReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\\u2019s class loader via the \\u201cdeclaredClass\\u201d property available on all Java \\u201cenum\\u201d objects. Accessing the enum\\u2019s \\u201cdeclaredClass\\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\u003cbr\u003eStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \\u201cdeclaredClass\\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\u003cp\u003e\u003c/p\u003eThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.\u003cp\u003eUsers of the artifact commons-beanutils:commons-beanutils\\n\\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\u003c/p\u003e\u003cp\u003e\\nUsers of the artifact org.apache.commons:commons-beanutils2\\n\\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\\n\\n\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-05-28T13:32:08.300Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48734\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-29T03:55:27.335Z\", \"dateReserved\": \"2025-05-23T12:30:32.006Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-05-28T13:32:08.300Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

NCSC-2026-0025

Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:55 - Updated: 2026-01-21 09:55

Summary

Kwetsbaarheden verholpen in Oracle Financial Services

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle Banking Liquidity Management, Oracle Financial Services Model Management en Oracle FLEXCUBE.

Interpretaties: De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en Denial-of-Service (DoS) aan te richten. Dit kan leiden tot vertrouwelijkheids- en integriteitsrisico's. Specifieke kwetsbaarheden omvatten onjuist beheer van verbindingen en onvoldoende invoervalidatie wat kan resulteren in systeemcompromittering en serviceonderbrekingen.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-125: Out-of-bounds Read

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-284: Improper Access Control

CWE-285: Improper Authorization

CWE-287: Improper Authentication

CWE-289: Authentication Bypass by Alternate Name

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-521: Weak Password Requirements

CWE-674: Uncontrolled Recursion

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CWE-863: Incorrect Authorization

CWE-918: Server-Side Request Forgery (SSRF)

CWE-937: CWE-937

CWE-1035: CWE-1035

CVE-2025-5115

Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-9230

Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-22228

Multiple vulnerabilities have been identified across Oracle and NetApp products, including critical issues in Oracle Banking Liquidity Management and Spring Security flaws affecting sensitive data integrity.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-521 - Weak Password Requirements

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-27817

Multiple vulnerabilities across Apache Kafka and Oracle products allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for several Oracle systems.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-41248

Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-289 - Authentication Bypass by Alternate Name

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-41249

Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-285 - Improper Authorization

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-48734

Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-48795

Multiple vulnerabilities in Oracle's Primavera P6 and WebCenter Forms Recognition, along with an Apache CXF bug and issues in HPE Telco Service Activator, expose systems to unauthorized data access and potential denial of service.

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-48924

Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-48976

Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-49796

Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-55163

Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-61795

Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2025-66418

The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2026-21973

A vulnerability in Oracle FLEXCUBE Investor Servicing versions 14.5.0.15.0, 14.7.0.8.0, and 14.8.0.1.0 allows low privileged attackers to exploit it via HTTP, leading to unauthorized access and modification of critical data.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

CVE-2026-21978

A vulnerability in Oracle FLEXCUBE Universal Banking (versions 14.0.0.0.0-14.8.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, rated with a CVSS 3.1 Base Score of 6.5.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Cash Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Liquidity Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Supply Chain Finance		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Investor Servicing		vers:unknown/*
vers:unknown/* Oracle / Oracle FLEXCUBE Universal Banking		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Insurance Policy Administration J2EE		vers:unknown/*

References

17 references

URL	Category
https://www.oracle.com/security-alerts/cpujan2026.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle Banking Liquidity Management, Oracle Financial Services Model Management en Oracle FLEXCUBE.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en Denial-of-Service (DoS) aan te richten. Dit kan leiden tot vertrouwelijkheids- en integriteitsrisico\u0027s. Specifieke kwetsbaarheden omvatten onjuist beheer van verbindingen en onvoldoende invoervalidatie wat kan resulteren in systeemcompromittering en serviceonderbrekingen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Authorization",
        "title": "CWE-285"
      },
      {
        "category": "general",
        "text": "Improper Authentication",
        "title": "CWE-287"
      },
      {
        "category": "general",
        "text": "Authentication Bypass by Alternate Name",
        "title": "CWE-289"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Weak Password Requirements",
        "title": "CWE-521"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Financial Services",
    "tracking": {
      "current_release_date": "2026-01-21T09:55:33.889125Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0025",
      "initial_release_date": "2026-01-21T09:55:33.889125Z",
      "revision_history": [
        {
          "date": "2026-01-21T09:55:33.889125Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Banking Branch"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Banking Cash Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Banking Corporate Lending Process Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Banking Liquidity Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Banking Supply Chain Finance"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle FLEXCUBE Investor Servicing"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle FLEXCUBE Universal Banking"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Financial Services Compliance Studio"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Financial Services Model Management and Governance"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Insurance Policy Administration J2EE"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-5115",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5115 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-5115"
    },
    {
      "cve": "CVE-2025-9230",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9230 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-9230"
    },
    {
      "cve": "CVE-2025-22228",
      "cwe": {
        "id": "CWE-521",
        "name": "Weak Password Requirements"
      },
      "notes": [
        {
          "category": "other",
          "text": "Weak Password Requirements",
          "title": "CWE-521"
        },
        {
          "category": "other",
          "text": "Improper Authentication",
          "title": "CWE-287"
        },
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified across Oracle and NetApp products, including critical issues in Oracle Banking Liquidity Management and Spring Security flaws affecting sensitive data integrity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-22228 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-22228.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-22228"
    },
    {
      "cve": "CVE-2025-27817",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache Kafka and Oracle products allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for several Oracle systems.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27817 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-27817"
    },
    {
      "cve": "CVE-2025-41248",
      "cwe": {
        "id": "CWE-289",
        "name": "Authentication Bypass by Alternate Name"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authentication Bypass by Alternate Name",
          "title": "CWE-289"
        },
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41248 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41248.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-41248"
    },
    {
      "cve": "CVE-2025-41249",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41249 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-41249"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48734 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48795",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle\u0027s Primavera P6 and WebCenter Forms Recognition, along with an Apache CXF bug and issues in HPE Telco Service Activator, expose systems to unauthorized data access and potential denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48795 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-48795"
    },
    {
      "cve": "CVE-2025-48924",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-49796",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-49796 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-49796"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55163 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-61795",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61795 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-61795"
    },
    {
      "cve": "CVE-2025-66418",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66418 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-66418"
    },
    {
      "cve": "CVE-2026-21973",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Oracle FLEXCUBE Investor Servicing versions 14.5.0.15.0, 14.7.0.8.0, and 14.8.0.1.0 allows low privileged attackers to exploit it via HTTP, leading to unauthorized access and modification of critical data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21973 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21973.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2026-21973"
    },
    {
      "cve": "CVE-2026-21978",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Oracle FLEXCUBE Universal Banking (versions 14.0.0.0.0-14.8.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, rated with a CVSS 3.1 Base Score of 6.5.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21978 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21978.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2026-21978"
    }
  ]
}

NCSC-2026-0126

Vulnerability from csaf_ncscnl - Published: 2026-04-22 12:56 - Updated: 2026-04-22 12:56

Summary

Kwetsbaarheden verholpen in Oracle E-Business Suite

Notes

Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle E-Business Suite.

Interpretaties: De kwetsbaarheden bevinden zich in verschillende componenten van Oracle E-Business Suite, waaronder Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning en Oracle Flow Manufacturing. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde of hooggeprivilegieerde aanvallers, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-284: Improper Access Control

CVE-2026-34275

A critical unauthenticated remote code execution vulnerability in Oracle Advanced Inbound Telephony (versions 12.2.3-12.2.15) with a CVSS 3.1 score of 9.8 severely impacts confidentiality, integrity, and availability via HTTP.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2024-51504

Multiple vulnerabilities in Apache ZooKeeper, including IPAuthenticationProvider spoofing and unauthorized access issues, affect various Oracle and Apache products, allowing authentication bypass, sensitive data exposure, and denial of service.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-290 - Authentication Bypass by Spoofing

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2025-48734

Multiple vulnerabilities in Apache Commons BeanUtils prior to version 1.11.0 and various Oracle and HPE products allow remote attackers to execute arbitrary code or take over systems via HTTP or Java enum declaredClass property access.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2026-22011

A vulnerability in Oracle E-Business Suite's ADPatch component (versions 12.2.3 to 12.2.15) allows a high-privileged attacker with HTTP network access to potentially compromise system confidentiality, integrity, and availability, with a CVSS score of 7.6.

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2025-58057

Multiple denial of service vulnerabilities affect Netty (up to 4.1.124.Final), HPE Telco Intelligent Assurance, and Oracle Communications Cloud Native products due to unbounded buffer allocation and malformed HTTP/2 frames, with CVSS scores up to 7.5.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2026-34297

A vulnerability in Oracle HCM Common Architecture versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 7.5 for high confidentiality impact.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2026-34274

A vulnerability in Oracle Configurator within Oracle E-Business Suite versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.1.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2025-41242

Multiple vulnerabilities in the Spring Framework affect various products including NetApp, Oracle Primavera Unifier, and Oracle Enterprise Command Center Framework, enabling unauthenticated attackers to access or compromise critical data, with severity ranging up to CVSS 5.9.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2026-34302

A vulnerability in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications and cause partial denial of service, with a CVSS 3.1 base score of 5.5.

5.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2025-31672

Apache POI poi-ooxml versions before 5.4.0 contain a vulnerability involving improper input validation of OOXML files with duplicate ZIP entries, affecting multiple products including Oracle and NetApp, allowing unauthenticated attackers to modify data with a CVSS score of 5.3.

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2025-68161

Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-297 - Improper Validation of Certificate with Host Mismatch

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2026-34298

A vulnerability in Oracle Applications Framework versions 12.2.9 through 12.2.15 allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 4.7.

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

CVE-2026-22014

A vulnerability in Oracle E-Business Suite User Management (versions 12.2.7-12.2.15) allows a high-privileged attacker with HTTP network access to read and modify certain accessible data, rated CVSS 3.8.

3.8 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Affected products

Known affected 10 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Advanced Inbound Telephony		vers:unknown/*
vers:unknown/* Oracle / Oracle Advanced Supply Chain Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Applications DBA		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Command Center Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle Flow Manufacturing		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Order Promising		vers:unknown/*
vers:unknown/* Oracle / Oracle HCM Common Architecture		vers:unknown/*
vers:unknown/* Oracle / Oracle Rapid Planning		vers:unknown/*
vers:unknown/* Oracle / Oracle Yard Management		vers:unknown/*
vers:unknown/* Oracle / Oracle iProcurement		vers:unknown/*

References

14 references

URL	Category
https://www.oracle.com/security-alerts/cpuapr2026.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle E-Business Suite.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden bevinden zich in verschillende componenten van Oracle E-Business Suite, waaronder Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning en Oracle Flow Manufacturing. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde of hooggeprivilegieerde aanvallers, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.\n\n",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle E-Business Suite",
    "tracking": {
      "current_release_date": "2026-04-22T12:56:26.266249Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0126",
      "initial_release_date": "2026-04-22T12:56:26.266249Z",
      "revision_history": [
        {
          "date": "2026-04-22T12:56:26.266249Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Advanced Inbound Telephony"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Advanced Supply Chain Planning"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Applications DBA"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Command Center Framework"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Flow Manufacturing"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Global Order Promising"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle HCM Common Architecture"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Rapid Planning"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Yard Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle iProcurement"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-34275",
      "notes": [
        {
          "category": "description",
          "text": "A critical unauthenticated remote code execution vulnerability in Oracle Advanced Inbound Telephony (versions 12.2.3-12.2.15) with a CVSS 3.1 score of 9.8 severely impacts confidentiality, integrity, and availability via HTTP.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34275 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34275.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2026-34275"
    },
    {
      "cve": "CVE-2024-51504",
      "cwe": {
        "id": "CWE-290",
        "name": "Authentication Bypass by Spoofing"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authentication Bypass by Spoofing",
          "title": "CWE-290"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Apache ZooKeeper, including IPAuthenticationProvider spoofing and unauthorized access issues, affect various Oracle and Apache products, allowing authentication bypass, sensitive data exposure, and denial of service.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-51504 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2024-51504"
    },
    {
      "cve": "CVE-2025-48734",
      "notes": [
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Apache Commons BeanUtils prior to version 1.11.0 and various Oracle and HPE products allow remote attackers to execute arbitrary code or take over systems via HTTP or Java enum declaredClass property access.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48734 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2026-22011",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Oracle E-Business Suite\u0027s ADPatch component (versions 12.2.3 to 12.2.15) allows a high-privileged attacker with HTTP network access to potentially compromise system confidentiality, integrity, and availability, with a CVSS score of 7.6.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-22011 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22011.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2026-22011"
    },
    {
      "cve": "CVE-2025-58057",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Highly Compressed Data (Data Amplification)",
          "title": "CWE-409"
        },
        {
          "category": "description",
          "text": "Multiple denial of service vulnerabilities affect Netty (up to 4.1.124.Final), HPE Telco Intelligent Assurance, and Oracle Communications Cloud Native products due to unbounded buffer allocation and malformed HTTP/2 frames, with CVSS scores up to 7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58057 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-58057"
    },
    {
      "cve": "CVE-2026-34297",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Oracle HCM Common Architecture versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 7.5 for high confidentiality impact.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34297 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34297.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2026-34297"
    },
    {
      "cve": "CVE-2026-34274",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Oracle Configurator within Oracle E-Business Suite versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.1.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34274 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34274.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2026-34274"
    },
    {
      "cve": "CVE-2025-41242",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in the Spring Framework affect various products including NetApp, Oracle Primavera Unifier, and Oracle Enterprise Command Center Framework, enabling unauthenticated attackers to access or compromise critical data, with severity ranging up to CVSS 5.9.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41242 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41242.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-41242"
    },
    {
      "cve": "CVE-2026-34302",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications and cause partial denial of service, with a CVSS 3.1 base score of 5.5.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34302 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34302.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2026-34302"
    },
    {
      "cve": "CVE-2025-31672",
      "notes": [
        {
          "category": "description",
          "text": "Apache POI poi-ooxml versions before 5.4.0 contain a vulnerability involving improper input validation of OOXML files with duplicate ZIP entries, affecting multiple products including Oracle and NetApp, allowing unauthenticated attackers to modify data with a CVSS score of 5.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-31672 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-31672"
    },
    {
      "cve": "CVE-2025-68161",
      "cwe": {
        "id": "CWE-297",
        "name": "Improper Validation of Certificate with Host Mismatch"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Certificate with Host Mismatch",
          "title": "CWE-297"
        },
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-68161 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2025-68161"
    },
    {
      "cve": "CVE-2026-34298",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Oracle Applications Framework versions 12.2.9 through 12.2.15 allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 4.7.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34298 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34298.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2026-34298"
    },
    {
      "cve": "CVE-2026-22014",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Oracle E-Business Suite User Management (versions 12.2.7-12.2.15) allows a high-privileged attacker with HTTP network access to read and modify certain accessible data, rated CVSS 3.8.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-22014 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22014.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10"
          ]
        }
      ],
      "title": "CVE-2026-22014"
    }
  ]
}

OPENSUSE-SU-2025:15175-1

Vulnerability from csaf_opensuse - Published: 2025-05-30 00:00 - Updated: 2025-05-30 00:00

Summary

apache-commons-beanutils-1.11.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: apache-commons-beanutils-1.11.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the apache-commons-beanutils-1.11.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2025-15175

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

5 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2025-48734/	self
https://www.suse.com/security/cve/CVE-2025-48734	external
https://bugzilla.suse.com/1243793	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "apache-commons-beanutils-1.11.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the apache-commons-beanutils-1.11.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15175",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15175-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48734 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48734/"
      }
    ],
    "title": "apache-commons-beanutils-1.11.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-05-30T00:00:00Z",
      "generator": {
        "date": "2025-05-30T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15175-1",
      "initial_release_date": "2025-05-30T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-05-30T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-1.11.0-1.1.aarch64",
                "product": {
                  "name": "apache-commons-beanutils-1.11.0-1.1.aarch64",
                  "product_id": "apache-commons-beanutils-1.11.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
                "product": {
                  "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
                  "product_id": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-1.11.0-1.1.ppc64le",
                "product": {
                  "name": "apache-commons-beanutils-1.11.0-1.1.ppc64le",
                  "product_id": "apache-commons-beanutils-1.11.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
                "product": {
                  "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
                  "product_id": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-1.11.0-1.1.s390x",
                "product": {
                  "name": "apache-commons-beanutils-1.11.0-1.1.s390x",
                  "product_id": "apache-commons-beanutils-1.11.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
                "product": {
                  "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
                  "product_id": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-1.11.0-1.1.x86_64",
                "product": {
                  "name": "apache-commons-beanutils-1.11.0-1.1.x86_64",
                  "product_id": "apache-commons-beanutils-1.11.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64",
                "product": {
                  "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64",
                  "product_id": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-1.11.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64"
        },
        "product_reference": "apache-commons-beanutils-1.11.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-1.11.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le"
        },
        "product_reference": "apache-commons-beanutils-1.11.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-1.11.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x"
        },
        "product_reference": "apache-commons-beanutils-1.11.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-1.11.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64"
        },
        "product_reference": "apache-commons-beanutils-1.11.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64"
        },
        "product_reference": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le"
        },
        "product_reference": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x"
        },
        "product_reference": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
        },
        "product_reference": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-48734",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48734"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Access Control vulnerability in Apache Commons.\n\n\n\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\n\n\n\n\n\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u0027s class loader via the \"declaredClass\" property available on all Java \"enum\" objects. Accessing the enum\u0027s \"declaredClass\" allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \"declaredClass\" property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\n\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\n\n\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64",
          "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le",
          "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x",
          "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64",
          "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
          "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
          "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
          "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48734",
          "url": "https://www.suse.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243793 for CVE-2025-48734",
          "url": "https://bugzilla.suse.com/1243793"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64",
            "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64",
            "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
            "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
            "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
            "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-30T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-48734"
    }
  ]
}

RHSA-2025:10452

Vulnerability from csaf_redhat - Published: 2025-07-07 13:32 - Updated: 2026-06-10 08:37

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) * org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-2251

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-27611

A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-1007 - Insufficient Visual Distinction of Homoglyphs Presented to User

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Important

References

54 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10452	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://access.redhat.com/articles/7120566	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2363176	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://issues.redhat.com/browse/JBEAP-28866	external
https://issues.redhat.com/browse/JBEAP-28992	external
https://issues.redhat.com/browse/JBEAP-29252	external
https://issues.redhat.com/browse/JBEAP-29257	external
https://issues.redhat.com/browse/JBEAP-29530	external
https://issues.redhat.com/browse/JBEAP-29679	external
https://issues.redhat.com/browse/JBEAP-29691	external
https://issues.redhat.com/browse/JBEAP-29692	external
https://issues.redhat.com/browse/JBEAP-29806	external
https://issues.redhat.com/browse/JBEAP-29863	external
https://issues.redhat.com/browse/JBEAP-29867	external
https://issues.redhat.com/browse/JBEAP-29984	external
https://issues.redhat.com/browse/JBEAP-29999	external
https://issues.redhat.com/browse/JBEAP-30087	external
https://issues.redhat.com/browse/JBEAP-30151	external
https://issues.redhat.com/browse/JBEAP-30157	external
https://issues.redhat.com/browse/JBEAP-30263	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-27611	self
https://bugzilla.redhat.com/show_bug.cgi?id=2363176	external
https://www.cve.org/CVERecord?id=CVE-2025-27611	external
https://nvd.nist.gov/vuln/detail/CVE-2025-27611	external
https://github.com/cryptocoinjs/base-x/pull/86	external
https://github.com/cryptocoinjs/base-x/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10452",
        "url": "https://access.redhat.com/errata/RHSA-2025:10452"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/7120566",
        "url": "https://access.redhat.com/articles/7120566"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2363176",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "JBEAP-28866",
        "url": "https://issues.redhat.com/browse/JBEAP-28866"
      },
      {
        "category": "external",
        "summary": "JBEAP-28992",
        "url": "https://issues.redhat.com/browse/JBEAP-28992"
      },
      {
        "category": "external",
        "summary": "JBEAP-29252",
        "url": "https://issues.redhat.com/browse/JBEAP-29252"
      },
      {
        "category": "external",
        "summary": "JBEAP-29257",
        "url": "https://issues.redhat.com/browse/JBEAP-29257"
      },
      {
        "category": "external",
        "summary": "JBEAP-29530",
        "url": "https://issues.redhat.com/browse/JBEAP-29530"
      },
      {
        "category": "external",
        "summary": "JBEAP-29679",
        "url": "https://issues.redhat.com/browse/JBEAP-29679"
      },
      {
        "category": "external",
        "summary": "JBEAP-29691",
        "url": "https://issues.redhat.com/browse/JBEAP-29691"
      },
      {
        "category": "external",
        "summary": "JBEAP-29692",
        "url": "https://issues.redhat.com/browse/JBEAP-29692"
      },
      {
        "category": "external",
        "summary": "JBEAP-29806",
        "url": "https://issues.redhat.com/browse/JBEAP-29806"
      },
      {
        "category": "external",
        "summary": "JBEAP-29863",
        "url": "https://issues.redhat.com/browse/JBEAP-29863"
      },
      {
        "category": "external",
        "summary": "JBEAP-29867",
        "url": "https://issues.redhat.com/browse/JBEAP-29867"
      },
      {
        "category": "external",
        "summary": "JBEAP-29984",
        "url": "https://issues.redhat.com/browse/JBEAP-29984"
      },
      {
        "category": "external",
        "summary": "JBEAP-29999",
        "url": "https://issues.redhat.com/browse/JBEAP-29999"
      },
      {
        "category": "external",
        "summary": "JBEAP-30087",
        "url": "https://issues.redhat.com/browse/JBEAP-30087"
      },
      {
        "category": "external",
        "summary": "JBEAP-30151",
        "url": "https://issues.redhat.com/browse/JBEAP-30151"
      },
      {
        "category": "external",
        "summary": "JBEAP-30157",
        "url": "https://issues.redhat.com/browse/JBEAP-30157"
      },
      {
        "category": "external",
        "summary": "JBEAP-30263",
        "url": "https://issues.redhat.com/browse/JBEAP-30263"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10452.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update",
    "tracking": {
      "current_release_date": "2026-06-10T08:37:12+00:00",
      "generator": {
        "date": "2026-06-10T08:37:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2025:10452",
      "initial_release_date": "2025-07-07T13:32:31+00:00",
      "revision_history": [
        {
          "date": "2025-07-07T13:32:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-07T13:32:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T08:37:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 8.0 for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss EAP 8.0 for RHEL 8",
                  "product_id": "8Base-JBEAP-8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
                "product": {
                  "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
                  "product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
                "product": {
                  "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
                  "product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
                "product": {
                  "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
                  "product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
                "product": {
                  "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
                  "product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
                "product": {
                  "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
                  "product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
                "product": {
                  "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
                  "product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el8eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-elytron-tool@2.2.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-core@6.2.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.2.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-mime4j-dom@0.8.12-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-mime4j-storage@0.8.12-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j-api@2.0.17-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.8.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-cli@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-commons@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-core-client@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-dto@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-hornetq-protocol@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-hqclient-protocol@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-client@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-ra@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-server@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-service-extensions@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jdbc-store@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-journal@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-selector@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-server@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-jbosstxbridge@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-jbossxts@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-jts-idlj@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-jts-integration@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-restat-api@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-restat-bridge@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-restat-integration@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-restat-util@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf-rt@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf-services@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf-tools@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
                "product": {
                  "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
                  "product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
                "product": {
                  "name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
                  "product_id": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-velocity-engine-core@2.3.0-4.redhat_00010.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
                "product": {
                  "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
                  "product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src"
        },
        "product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch"
        },
        "product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src"
        },
        "product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src"
        },
        "product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src"
        },
        "product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch"
        },
        "product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src"
        },
        "product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch"
        },
        "product_reference": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src"
        },
        "product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:32:31+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10452"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:32:31+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10452"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:32:31+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10452"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "cve": "CVE-2025-27611",
      "cwe": {
        "id": "CWE-1007",
        "name": "Insufficient Visual Distinction of Homoglyphs Presented to User"
      },
      "discovery_date": "2025-04-30T20:00:45.852222+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2363176"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "RHBZ#2363176",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-27611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "https://github.com/cryptocoinjs/base-x/pull/86",
          "url": "https://github.com/cryptocoinjs/base-x/pull/86"
        },
        {
          "category": "external",
          "summary": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p",
          "url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"
        }
      ],
      "release_date": "2025-04-30T19:36:57.356000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:32:31+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10452"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation."
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:32:31+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10452"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10453

Vulnerability from csaf_redhat - Published: 2025-07-07 13:27 - Updated: 2026-06-10 08:37

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2025-2251

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-27611

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-1007 - Insufficient Visual Distinction of Homoglyphs Presented to User

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Important

References

54 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10453	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://access.redhat.com/articles/7120566	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2363176	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://issues.redhat.com/browse/JBEAP-28866	external
https://issues.redhat.com/browse/JBEAP-28992	external
https://issues.redhat.com/browse/JBEAP-29253	external
https://issues.redhat.com/browse/JBEAP-29257	external
https://issues.redhat.com/browse/JBEAP-29530	external
https://issues.redhat.com/browse/JBEAP-29679	external
https://issues.redhat.com/browse/JBEAP-29691	external
https://issues.redhat.com/browse/JBEAP-29692	external
https://issues.redhat.com/browse/JBEAP-29806	external
https://issues.redhat.com/browse/JBEAP-29863	external
https://issues.redhat.com/browse/JBEAP-29867	external
https://issues.redhat.com/browse/JBEAP-29984	external
https://issues.redhat.com/browse/JBEAP-29999	external
https://issues.redhat.com/browse/JBEAP-30087	external
https://issues.redhat.com/browse/JBEAP-30151	external
https://issues.redhat.com/browse/JBEAP-30157	external
https://issues.redhat.com/browse/JBEAP-30263	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-27611	self
https://bugzilla.redhat.com/show_bug.cgi?id=2363176	external
https://www.cve.org/CVERecord?id=CVE-2025-27611	external
https://nvd.nist.gov/vuln/detail/CVE-2025-27611	external
https://github.com/cryptocoinjs/base-x/pull/86	external
https://github.com/cryptocoinjs/base-x/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10453",
        "url": "https://access.redhat.com/errata/RHSA-2025:10453"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/7120566",
        "url": "https://access.redhat.com/articles/7120566"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2363176",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "JBEAP-28866",
        "url": "https://issues.redhat.com/browse/JBEAP-28866"
      },
      {
        "category": "external",
        "summary": "JBEAP-28992",
        "url": "https://issues.redhat.com/browse/JBEAP-28992"
      },
      {
        "category": "external",
        "summary": "JBEAP-29253",
        "url": "https://issues.redhat.com/browse/JBEAP-29253"
      },
      {
        "category": "external",
        "summary": "JBEAP-29257",
        "url": "https://issues.redhat.com/browse/JBEAP-29257"
      },
      {
        "category": "external",
        "summary": "JBEAP-29530",
        "url": "https://issues.redhat.com/browse/JBEAP-29530"
      },
      {
        "category": "external",
        "summary": "JBEAP-29679",
        "url": "https://issues.redhat.com/browse/JBEAP-29679"
      },
      {
        "category": "external",
        "summary": "JBEAP-29691",
        "url": "https://issues.redhat.com/browse/JBEAP-29691"
      },
      {
        "category": "external",
        "summary": "JBEAP-29692",
        "url": "https://issues.redhat.com/browse/JBEAP-29692"
      },
      {
        "category": "external",
        "summary": "JBEAP-29806",
        "url": "https://issues.redhat.com/browse/JBEAP-29806"
      },
      {
        "category": "external",
        "summary": "JBEAP-29863",
        "url": "https://issues.redhat.com/browse/JBEAP-29863"
      },
      {
        "category": "external",
        "summary": "JBEAP-29867",
        "url": "https://issues.redhat.com/browse/JBEAP-29867"
      },
      {
        "category": "external",
        "summary": "JBEAP-29984",
        "url": "https://issues.redhat.com/browse/JBEAP-29984"
      },
      {
        "category": "external",
        "summary": "JBEAP-29999",
        "url": "https://issues.redhat.com/browse/JBEAP-29999"
      },
      {
        "category": "external",
        "summary": "JBEAP-30087",
        "url": "https://issues.redhat.com/browse/JBEAP-30087"
      },
      {
        "category": "external",
        "summary": "JBEAP-30151",
        "url": "https://issues.redhat.com/browse/JBEAP-30151"
      },
      {
        "category": "external",
        "summary": "JBEAP-30157",
        "url": "https://issues.redhat.com/browse/JBEAP-30157"
      },
      {
        "category": "external",
        "summary": "JBEAP-30263",
        "url": "https://issues.redhat.com/browse/JBEAP-30263"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10453.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update",
    "tracking": {
      "current_release_date": "2026-06-10T08:37:12+00:00",
      "generator": {
        "date": "2026-06-10T08:37:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2025:10453",
      "initial_release_date": "2025-07-07T13:27:47+00:00",
      "revision_history": [
        {
          "date": "2025-07-07T13:27:47+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-07T13:27:47+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T08:37:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 8.0 for RHEL 9",
                "product": {
                  "name": "Red Hat JBoss EAP 8.0 for RHEL 9",
                  "product_id": "9Base-JBEAP-8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
                  "product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
                  "product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
                  "product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
                  "product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
                "product": {
                  "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
                  "product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
                  "product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
                "product": {
                  "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
                  "product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
                "product": {
                  "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
                  "product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
                "product": {
                  "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
                  "product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
                  "product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
                "product": {
                  "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
                  "product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
                "product": {
                  "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
                  "product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el9eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-elytron-tool@2.2.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-core@6.2.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.2.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-mime4j-dom@0.8.12-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-mime4j-storage@0.8.12-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j-api@2.0.17-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.8.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-cli@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-commons@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-core-client@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-dto@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-hornetq-protocol@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-hqclient-protocol@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-client@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-ra@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-server@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-service-extensions@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jdbc-store@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-journal@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-selector@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_id": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-server@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-jbosstxbridge@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-jbossxts@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-jts-idlj@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-jts-integration@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-restat-api@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-restat-bridge@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-restat-integration@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-narayana-restat-util@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf-rt@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf-services@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-cxf-tools@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
                "product": {
                  "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
                  "product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
                "product": {
                  "name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
                  "product_id": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-velocity-engine-core@2.3.0-4.redhat_00010.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
                "product": {
                  "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
                  "product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src"
        },
        "product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch"
        },
        "product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src"
        },
        "product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src"
        },
        "product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src"
        },
        "product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch"
        },
        "product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src"
        },
        "product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch"
        },
        "product_reference": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src"
        },
        "product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:27:47+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10453"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:27:47+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10453"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:27:47+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10453"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "cve": "CVE-2025-27611",
      "cwe": {
        "id": "CWE-1007",
        "name": "Insufficient Visual Distinction of Homoglyphs Presented to User"
      },
      "discovery_date": "2025-04-30T20:00:45.852222+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2363176"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "RHBZ#2363176",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-27611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "https://github.com/cryptocoinjs/base-x/pull/86",
          "url": "https://github.com/cryptocoinjs/base-x/pull/86"
        },
        {
          "category": "external",
          "summary": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p",
          "url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"
        }
      ],
      "release_date": "2025-04-30T19:36:57.356000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:27:47+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10453"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation."
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:27:47+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10453"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10459

Vulnerability from csaf_redhat - Published: 2025-07-07 13:35 - Updated: 2026-06-10 08:37

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2025-2251

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-27611

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-1007 - Insufficient Visual Distinction of Homoglyphs Presented to User

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 8.0.8 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8`	—	Vendor Fix fix

Threats

Impact Important

References

53 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10459	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://access.redhat.com/articles/7120566	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2363176	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://issues.redhat.com/browse/JBEAP-28866	external
https://issues.redhat.com/browse/JBEAP-28992	external
https://issues.redhat.com/browse/JBEAP-29257	external
https://issues.redhat.com/browse/JBEAP-29530	external
https://issues.redhat.com/browse/JBEAP-29679	external
https://issues.redhat.com/browse/JBEAP-29691	external
https://issues.redhat.com/browse/JBEAP-29692	external
https://issues.redhat.com/browse/JBEAP-29806	external
https://issues.redhat.com/browse/JBEAP-29863	external
https://issues.redhat.com/browse/JBEAP-29867	external
https://issues.redhat.com/browse/JBEAP-29984	external
https://issues.redhat.com/browse/JBEAP-29999	external
https://issues.redhat.com/browse/JBEAP-30087	external
https://issues.redhat.com/browse/JBEAP-30151	external
https://issues.redhat.com/browse/JBEAP-30157	external
https://issues.redhat.com/browse/JBEAP-30263	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-27611	self
https://bugzilla.redhat.com/show_bug.cgi?id=2363176	external
https://www.cve.org/CVERecord?id=CVE-2025-27611	external
https://nvd.nist.gov/vuln/detail/CVE-2025-27611	external
https://github.com/cryptocoinjs/base-x/pull/86	external
https://github.com/cryptocoinjs/base-x/security/a…	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10459",
        "url": "https://access.redhat.com/errata/RHSA-2025:10459"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/7120566",
        "url": "https://access.redhat.com/articles/7120566"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2363176",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "JBEAP-28866",
        "url": "https://issues.redhat.com/browse/JBEAP-28866"
      },
      {
        "category": "external",
        "summary": "JBEAP-28992",
        "url": "https://issues.redhat.com/browse/JBEAP-28992"
      },
      {
        "category": "external",
        "summary": "JBEAP-29257",
        "url": "https://issues.redhat.com/browse/JBEAP-29257"
      },
      {
        "category": "external",
        "summary": "JBEAP-29530",
        "url": "https://issues.redhat.com/browse/JBEAP-29530"
      },
      {
        "category": "external",
        "summary": "JBEAP-29679",
        "url": "https://issues.redhat.com/browse/JBEAP-29679"
      },
      {
        "category": "external",
        "summary": "JBEAP-29691",
        "url": "https://issues.redhat.com/browse/JBEAP-29691"
      },
      {
        "category": "external",
        "summary": "JBEAP-29692",
        "url": "https://issues.redhat.com/browse/JBEAP-29692"
      },
      {
        "category": "external",
        "summary": "JBEAP-29806",
        "url": "https://issues.redhat.com/browse/JBEAP-29806"
      },
      {
        "category": "external",
        "summary": "JBEAP-29863",
        "url": "https://issues.redhat.com/browse/JBEAP-29863"
      },
      {
        "category": "external",
        "summary": "JBEAP-29867",
        "url": "https://issues.redhat.com/browse/JBEAP-29867"
      },
      {
        "category": "external",
        "summary": "JBEAP-29984",
        "url": "https://issues.redhat.com/browse/JBEAP-29984"
      },
      {
        "category": "external",
        "summary": "JBEAP-29999",
        "url": "https://issues.redhat.com/browse/JBEAP-29999"
      },
      {
        "category": "external",
        "summary": "JBEAP-30087",
        "url": "https://issues.redhat.com/browse/JBEAP-30087"
      },
      {
        "category": "external",
        "summary": "JBEAP-30151",
        "url": "https://issues.redhat.com/browse/JBEAP-30151"
      },
      {
        "category": "external",
        "summary": "JBEAP-30157",
        "url": "https://issues.redhat.com/browse/JBEAP-30157"
      },
      {
        "category": "external",
        "summary": "JBEAP-30263",
        "url": "https://issues.redhat.com/browse/JBEAP-30263"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10459.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update",
    "tracking": {
      "current_release_date": "2026-06-10T08:37:12+00:00",
      "generator": {
        "date": "2026-06-10T08:37:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2025:10459",
      "initial_release_date": "2025-07-07T13:35:06+00:00",
      "revision_history": [
        {
          "date": "2025-07-07T13:35:06+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-07T13:35:06+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T08:37:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 8.0.8",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 8.0.8",
                  "product_id": "Red Hat JBoss Enterprise Application Platform 8.0.8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "cve": "CVE-2025-27611",
      "cwe": {
        "id": "CWE-1007",
        "name": "Insufficient Visual Distinction of Homoglyphs Presented to User"
      },
      "discovery_date": "2025-04-30T20:00:45.852222+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2363176"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "RHBZ#2363176",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-27611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611"
        },
        {
          "category": "external",
          "summary": "https://github.com/cryptocoinjs/base-x/pull/86",
          "url": "https://github.com/cryptocoinjs/base-x/pull/86"
        },
        {
          "category": "external",
          "summary": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p",
          "url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"
        }
      ],
      "release_date": "2025-04-30T19:36:57.356000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation."
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8.0.8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-07T13:35:06+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10459"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8.0.8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10814

Vulnerability from csaf_redhat - Published: 2025-07-10 16:19 - Updated: 2026-06-10 08:37

Summary

Red Hat Security Advisory: apache-commons-beanutils security update

Severity

Important

Notes

Topic: An update for apache-commons-beanutils is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans. Security Fix(es): * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default (CVE-2025-48734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.src	—	Vendor Fix fix
Unresolved product id: 7Server-optional-ELS:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch	—	Vendor Fix fix

Threats

Impact Important

References

12 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10814	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for apache-commons-beanutils is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans.\n\nSecurity Fix(es):\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10814",
        "url": "https://access.redhat.com/errata/RHSA-2025:10814"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10814.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache-commons-beanutils security update",
    "tracking": {
      "current_release_date": "2026-06-10T08:37:12+00:00",
      "generator": {
        "date": "2026-06-10T08:37:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2025:10814",
      "initial_release_date": "2025-07-10T16:19:11+00:00",
      "revision_history": [
        {
          "date": "2025-07-10T16:19:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-10T16:19:11+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T08:37:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                  "product_id": "7Server-optional-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_els:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.src",
                "product": {
                  "name": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.src",
                  "product_id": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/apache-commons-beanutils@1.8.3-15.el7_9.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch",
                "product": {
                  "name": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch",
                  "product_id": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/apache-commons-beanutils@1.8.3-15.el7_9.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch",
                "product": {
                  "name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch",
                  "product_id": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/apache-commons-beanutils-javadoc@1.8.3-15.el7_9.1?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch"
        },
        "product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.src as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.src"
        },
        "product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_9.1.src",
        "relates_to_product_reference": "7Server-optional-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
          "product_id": "7Server-optional-ELS:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch"
        },
        "product_reference": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch",
        "relates_to_product_reference": "7Server-optional-ELS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch",
          "7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.src",
          "7Server-optional-ELS:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-10T16:19:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch",
            "7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.src",
            "7Server-optional-ELS:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10814"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.noarch",
            "7Server-optional-ELS:apache-commons-beanutils-0:1.8.3-15.el7_9.1.src",
            "7Server-optional-ELS:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_9.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10924

Vulnerability from csaf_redhat - Published: 2025-07-14 15:56 - Updated: 2026-06-10 08:37

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036) * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-10234

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2251

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-23366

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-35036

A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Threats

Impact Important

References

70 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10924	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://issues.redhat.com/browse/JBEAP-28676	external
https://issues.redhat.com/browse/JBEAP-28905	external
https://issues.redhat.com/browse/JBEAP-29217	external
https://issues.redhat.com/browse/JBEAP-29440	external
https://issues.redhat.com/browse/JBEAP-29815	external
https://issues.redhat.com/browse/JBEAP-29862	external
https://issues.redhat.com/browse/JBEAP-29866	external
https://issues.redhat.com/browse/JBEAP-29914	external
https://issues.redhat.com/browse/JBEAP-29969	external
https://issues.redhat.com/browse/JBEAP-30031	external
https://issues.redhat.com/browse/JBEAP-30059	external
https://issues.redhat.com/browse/JBEAP-30264	external
https://issues.redhat.com/browse/JBEAP-30359	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-10234	self
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://www.cve.org/CVERecord?id=CVE-2024-10234	external
https://nvd.nist.gov/vuln/detail/CVE-2024-10234	external
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-23366	self
https://bugzilla.redhat.com/show_bug.cgi?id=2337619	external
https://www.cve.org/CVERecord?id=CVE-2025-23366	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23366	external
https://access.redhat.com/security/cve/CVE-2025-35036	self
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://www.cve.org/CVERecord?id=CVE-2025-35036	external
https://nvd.nist.gov/vuln/detail/CVE-2025-35036	external
https://docs.jboss.org/hibernate/stable/validator…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://hibernate.atlassian.net/browse/HV-1816	external
https://hibernate.org/validator/documentation/mig…	external
https://in.relation.to/2021/01/06/hibernate-valid…	external
https://labs.watchtowr.com/expression-payloads-me…	external
https://www.cve.org/CVERecord?id=CVE-2020-5245	external
https://www.cve.org/CVERecord?id=CVE-2025-4428	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

TIM S.p.A Claudia Bartolini Marco Ventura Massimiliano Brolli

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10924",
        "url": "https://access.redhat.com/errata/RHSA-2025:10924"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "2320848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "2370118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
      },
      {
        "category": "external",
        "summary": "JBEAP-28676",
        "url": "https://issues.redhat.com/browse/JBEAP-28676"
      },
      {
        "category": "external",
        "summary": "JBEAP-28905",
        "url": "https://issues.redhat.com/browse/JBEAP-28905"
      },
      {
        "category": "external",
        "summary": "JBEAP-29217",
        "url": "https://issues.redhat.com/browse/JBEAP-29217"
      },
      {
        "category": "external",
        "summary": "JBEAP-29440",
        "url": "https://issues.redhat.com/browse/JBEAP-29440"
      },
      {
        "category": "external",
        "summary": "JBEAP-29815",
        "url": "https://issues.redhat.com/browse/JBEAP-29815"
      },
      {
        "category": "external",
        "summary": "JBEAP-29862",
        "url": "https://issues.redhat.com/browse/JBEAP-29862"
      },
      {
        "category": "external",
        "summary": "JBEAP-29866",
        "url": "https://issues.redhat.com/browse/JBEAP-29866"
      },
      {
        "category": "external",
        "summary": "JBEAP-29914",
        "url": "https://issues.redhat.com/browse/JBEAP-29914"
      },
      {
        "category": "external",
        "summary": "JBEAP-29969",
        "url": "https://issues.redhat.com/browse/JBEAP-29969"
      },
      {
        "category": "external",
        "summary": "JBEAP-30031",
        "url": "https://issues.redhat.com/browse/JBEAP-30031"
      },
      {
        "category": "external",
        "summary": "JBEAP-30059",
        "url": "https://issues.redhat.com/browse/JBEAP-30059"
      },
      {
        "category": "external",
        "summary": "JBEAP-30264",
        "url": "https://issues.redhat.com/browse/JBEAP-30264"
      },
      {
        "category": "external",
        "summary": "JBEAP-30359",
        "url": "https://issues.redhat.com/browse/JBEAP-30359"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10924.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
    "tracking": {
      "current_release_date": "2026-06-10T08:37:12+00:00",
      "generator": {
        "date": "2026-06-10T08:37:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2025:10924",
      "initial_release_date": "2025-07-14T15:56:17+00:00",
      "revision_history": [
        {
          "date": "2025-07-14T15:56:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-14T15:56:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T08:37:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el7eap?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el7eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.26-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-42.Final_redhat_00042.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-42.Final_redhat_00042.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-3.SP2_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el7eap?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_id": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-5.redhat_00004.1.el7eap?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_id": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native-debuginfo@1.0.2-5.redhat_00004.1.el7eap?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10234",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-10-22T01:46:48.739000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2320848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "RHBZ#2320848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
        }
      ],
      "release_date": "2024-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Claudia Bartolini",
            "Marco Ventura",
            "Massimiliano Brolli"
          ],
          "organization": "TIM S.p.A"
        }
      ],
      "cve": "CVE-2025-23366",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-01-14T14:56:40.238000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2337619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has evaluated and the attacker must be authenticated as user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d. This issue requires previous privilege to jeopardize an environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "RHBZ#2337619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366"
        }
      ],
      "release_date": "2025-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting"
    },
    {
      "cve": "CVE-2025-35036",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-06-03T20:00:52.377542+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Hibernate Validator Expression Language Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
          "url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
          "url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
          "url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
          "url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
          "url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
          "url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
          "url": "https://github.com/hibernate/hibernate-validator/pull/1138"
        },
        {
          "category": "external",
          "summary": "https://hibernate.atlassian.net/browse/HV-1816",
          "url": "https://hibernate.atlassian.net/browse/HV-1816"
        },
        {
          "category": "external",
          "summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
          "url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
        },
        {
          "category": "external",
          "summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
          "url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
        },
        {
          "category": "external",
          "summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
          "url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
        }
      ],
      "release_date": "2025-06-03T19:27:42.900000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        },
        {
          "category": "workaround",
          "details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hibernate-validator: Hibernate Validator Expression Language Injection"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
          "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
            "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10925

Vulnerability from csaf_redhat - Published: 2025-07-14 15:56 - Updated: 2026-06-10 08:37

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036) * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-10234

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2251

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-23366

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-35036

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Threats

Impact Important

References

70 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10925	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://issues.redhat.com/browse/JBEAP-28676	external
https://issues.redhat.com/browse/JBEAP-28905	external
https://issues.redhat.com/browse/JBEAP-29218	external
https://issues.redhat.com/browse/JBEAP-29440	external
https://issues.redhat.com/browse/JBEAP-29815	external
https://issues.redhat.com/browse/JBEAP-29862	external
https://issues.redhat.com/browse/JBEAP-29866	external
https://issues.redhat.com/browse/JBEAP-29914	external
https://issues.redhat.com/browse/JBEAP-29969	external
https://issues.redhat.com/browse/JBEAP-30031	external
https://issues.redhat.com/browse/JBEAP-30059	external
https://issues.redhat.com/browse/JBEAP-30264	external
https://issues.redhat.com/browse/JBEAP-30359	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-10234	self
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://www.cve.org/CVERecord?id=CVE-2024-10234	external
https://nvd.nist.gov/vuln/detail/CVE-2024-10234	external
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-23366	self
https://bugzilla.redhat.com/show_bug.cgi?id=2337619	external
https://www.cve.org/CVERecord?id=CVE-2025-23366	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23366	external
https://access.redhat.com/security/cve/CVE-2025-35036	self
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://www.cve.org/CVERecord?id=CVE-2025-35036	external
https://nvd.nist.gov/vuln/detail/CVE-2025-35036	external
https://docs.jboss.org/hibernate/stable/validator…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://hibernate.atlassian.net/browse/HV-1816	external
https://hibernate.org/validator/documentation/mig…	external
https://in.relation.to/2021/01/06/hibernate-valid…	external
https://labs.watchtowr.com/expression-payloads-me…	external
https://www.cve.org/CVERecord?id=CVE-2020-5245	external
https://www.cve.org/CVERecord?id=CVE-2025-4428	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

TIM S.p.A Claudia Bartolini Marco Ventura Massimiliano Brolli

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10925",
        "url": "https://access.redhat.com/errata/RHSA-2025:10925"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "2320848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "2370118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
      },
      {
        "category": "external",
        "summary": "JBEAP-28676",
        "url": "https://issues.redhat.com/browse/JBEAP-28676"
      },
      {
        "category": "external",
        "summary": "JBEAP-28905",
        "url": "https://issues.redhat.com/browse/JBEAP-28905"
      },
      {
        "category": "external",
        "summary": "JBEAP-29218",
        "url": "https://issues.redhat.com/browse/JBEAP-29218"
      },
      {
        "category": "external",
        "summary": "JBEAP-29440",
        "url": "https://issues.redhat.com/browse/JBEAP-29440"
      },
      {
        "category": "external",
        "summary": "JBEAP-29815",
        "url": "https://issues.redhat.com/browse/JBEAP-29815"
      },
      {
        "category": "external",
        "summary": "JBEAP-29862",
        "url": "https://issues.redhat.com/browse/JBEAP-29862"
      },
      {
        "category": "external",
        "summary": "JBEAP-29866",
        "url": "https://issues.redhat.com/browse/JBEAP-29866"
      },
      {
        "category": "external",
        "summary": "JBEAP-29914",
        "url": "https://issues.redhat.com/browse/JBEAP-29914"
      },
      {
        "category": "external",
        "summary": "JBEAP-29969",
        "url": "https://issues.redhat.com/browse/JBEAP-29969"
      },
      {
        "category": "external",
        "summary": "JBEAP-30031",
        "url": "https://issues.redhat.com/browse/JBEAP-30031"
      },
      {
        "category": "external",
        "summary": "JBEAP-30059",
        "url": "https://issues.redhat.com/browse/JBEAP-30059"
      },
      {
        "category": "external",
        "summary": "JBEAP-30264",
        "url": "https://issues.redhat.com/browse/JBEAP-30264"
      },
      {
        "category": "external",
        "summary": "JBEAP-30359",
        "url": "https://issues.redhat.com/browse/JBEAP-30359"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10925.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
    "tracking": {
      "current_release_date": "2026-06-10T08:37:13+00:00",
      "generator": {
        "date": "2026-06-10T08:37:13+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2025:10925",
      "initial_release_date": "2025-07-14T15:56:17+00:00",
      "revision_history": [
        {
          "date": "2025-07-14T15:56:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-14T15:56:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T08:37:13+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 8",
                  "product_id": "8Base-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el8eap?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el8eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.26-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-42.Final_redhat_00042.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-42.Final_redhat_00042.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-3.SP2_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el8eap?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                  "product_id": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-5.redhat_00004.1.el8eap?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10234",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-10-22T01:46:48.739000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2320848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "RHBZ#2320848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
        }
      ],
      "release_date": "2024-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Claudia Bartolini",
            "Marco Ventura",
            "Massimiliano Brolli"
          ],
          "organization": "TIM S.p.A"
        }
      ],
      "cve": "CVE-2025-23366",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-01-14T14:56:40.238000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2337619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has evaluated and the attacker must be authenticated as user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d. This issue requires previous privilege to jeopardize an environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "RHBZ#2337619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366"
        }
      ],
      "release_date": "2025-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting"
    },
    {
      "cve": "CVE-2025-35036",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-06-03T20:00:52.377542+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Hibernate Validator Expression Language Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
          "url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
          "url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
          "url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
          "url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
          "url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
          "url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
          "url": "https://github.com/hibernate/hibernate-validator/pull/1138"
        },
        {
          "category": "external",
          "summary": "https://hibernate.atlassian.net/browse/HV-1816",
          "url": "https://hibernate.atlassian.net/browse/HV-1816"
        },
        {
          "category": "external",
          "summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
          "url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
        },
        {
          "category": "external",
          "summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
          "url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
        },
        {
          "category": "external",
          "summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
          "url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
        }
      ],
      "release_date": "2025-06-03T19:27:42.900000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        },
        {
          "category": "workaround",
          "details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hibernate-validator: Hibernate Validator Expression Language Injection"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
          "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:56:17+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
            "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

RHSA-2025:10926

Vulnerability from csaf_redhat - Published: 2025-07-14 15:55 - Updated: 2026-06-10 08:37

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734) * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036) * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234) * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184) * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901) * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-10234

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2251

6.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-2901

No description is available for this CVE.

0.0 (None)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-23184

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2025-23366

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-35036

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-48734

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 60 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Important

References

70 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:10926	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://issues.redhat.com/browse/JBEAP-28676	external
https://issues.redhat.com/browse/JBEAP-28905	external
https://issues.redhat.com/browse/JBEAP-29219	external
https://issues.redhat.com/browse/JBEAP-29440	external
https://issues.redhat.com/browse/JBEAP-29815	external
https://issues.redhat.com/browse/JBEAP-29862	external
https://issues.redhat.com/browse/JBEAP-29866	external
https://issues.redhat.com/browse/JBEAP-29914	external
https://issues.redhat.com/browse/JBEAP-29969	external
https://issues.redhat.com/browse/JBEAP-30031	external
https://issues.redhat.com/browse/JBEAP-30059	external
https://issues.redhat.com/browse/JBEAP-30264	external
https://issues.redhat.com/browse/JBEAP-30359	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-10234	self
https://bugzilla.redhat.com/show_bug.cgi?id=2320848	external
https://www.cve.org/CVERecord?id=CVE-2024-10234	external
https://nvd.nist.gov/vuln/detail/CVE-2024-10234	external
https://access.redhat.com/security/cve/CVE-2025-2251	self
https://bugzilla.redhat.com/show_bug.cgi?id=2351678	external
https://www.cve.org/CVERecord?id=CVE-2025-2251	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2251	external
https://access.redhat.com/security/cve/CVE-2025-2901	self
https://bugzilla.redhat.com/show_bug.cgi?id=2355685	external
https://www.cve.org/CVERecord?id=CVE-2025-2901	external
https://nvd.nist.gov/vuln/detail/CVE-2025-2901	external
https://access.redhat.com/security/cve/CVE-2025-23184	self
https://bugzilla.redhat.com/show_bug.cgi?id=2339095	external
https://www.cve.org/CVERecord?id=CVE-2025-23184	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23184	external
https://lists.apache.org/thread/lfs8l63rnctnj2skf…	external
https://access.redhat.com/security/cve/CVE-2025-23366	self
https://bugzilla.redhat.com/show_bug.cgi?id=2337619	external
https://www.cve.org/CVERecord?id=CVE-2025-23366	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23366	external
https://access.redhat.com/security/cve/CVE-2025-35036	self
https://bugzilla.redhat.com/show_bug.cgi?id=2370118	external
https://www.cve.org/CVERecord?id=CVE-2025-35036	external
https://nvd.nist.gov/vuln/detail/CVE-2025-35036	external
https://docs.jboss.org/hibernate/stable/validator…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://github.com/hibernate/hibernate-validator/…	external
https://hibernate.atlassian.net/browse/HV-1816	external
https://hibernate.org/validator/documentation/mig…	external
https://in.relation.to/2021/01/06/hibernate-valid…	external
https://labs.watchtowr.com/expression-payloads-me…	external
https://www.cve.org/CVERecord?id=CVE-2020-5245	external
https://www.cve.org/CVERecord?id=CVE-2025-4428	external
https://access.redhat.com/security/cve/CVE-2025-48734	self
https://bugzilla.redhat.com/show_bug.cgi?id=2368956	external
https://www.cve.org/CVERecord?id=CVE-2025-48734	external
https://nvd.nist.gov/vuln/detail/CVE-2025-48734	external
https://github.com/advisories/GHSA-wxr5-93ph-8wr9	external
https://github.com/apache/commons-beanutils/commi…	external
https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…	external
https://www.openwall.com/lists/oss-security/2025/…	external

Acknowledgments

Pupi1

ING Hubs Poland Mateusz "MaTTallica" Klement Łukasz Rupala

TIM S.p.A Claudia Bartolini Marco Ventura Massimiliano Brolli

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:10926",
        "url": "https://access.redhat.com/errata/RHSA-2025:10926"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "2320848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
      },
      {
        "category": "external",
        "summary": "2339095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
      },
      {
        "category": "external",
        "summary": "2351678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
      },
      {
        "category": "external",
        "summary": "2355685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
      },
      {
        "category": "external",
        "summary": "2368956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
      },
      {
        "category": "external",
        "summary": "2370118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
      },
      {
        "category": "external",
        "summary": "JBEAP-28676",
        "url": "https://issues.redhat.com/browse/JBEAP-28676"
      },
      {
        "category": "external",
        "summary": "JBEAP-28905",
        "url": "https://issues.redhat.com/browse/JBEAP-28905"
      },
      {
        "category": "external",
        "summary": "JBEAP-29219",
        "url": "https://issues.redhat.com/browse/JBEAP-29219"
      },
      {
        "category": "external",
        "summary": "JBEAP-29440",
        "url": "https://issues.redhat.com/browse/JBEAP-29440"
      },
      {
        "category": "external",
        "summary": "JBEAP-29815",
        "url": "https://issues.redhat.com/browse/JBEAP-29815"
      },
      {
        "category": "external",
        "summary": "JBEAP-29862",
        "url": "https://issues.redhat.com/browse/JBEAP-29862"
      },
      {
        "category": "external",
        "summary": "JBEAP-29866",
        "url": "https://issues.redhat.com/browse/JBEAP-29866"
      },
      {
        "category": "external",
        "summary": "JBEAP-29914",
        "url": "https://issues.redhat.com/browse/JBEAP-29914"
      },
      {
        "category": "external",
        "summary": "JBEAP-29969",
        "url": "https://issues.redhat.com/browse/JBEAP-29969"
      },
      {
        "category": "external",
        "summary": "JBEAP-30031",
        "url": "https://issues.redhat.com/browse/JBEAP-30031"
      },
      {
        "category": "external",
        "summary": "JBEAP-30059",
        "url": "https://issues.redhat.com/browse/JBEAP-30059"
      },
      {
        "category": "external",
        "summary": "JBEAP-30264",
        "url": "https://issues.redhat.com/browse/JBEAP-30264"
      },
      {
        "category": "external",
        "summary": "JBEAP-30359",
        "url": "https://issues.redhat.com/browse/JBEAP-30359"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10926.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
    "tracking": {
      "current_release_date": "2026-06-10T08:37:14+00:00",
      "generator": {
        "date": "2026-06-10T08:37:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2025:10926",
      "initial_release_date": "2025-07-14T15:55:57+00:00",
      "revision_history": [
        {
          "date": "2025-07-14T15:55:57+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-14T15:55:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T08:37:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 9",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 9",
                  "product_id": "9Base-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el9eap?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el9eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                  "product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el9eap?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                "product": {
                  "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                  "product_id": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-5.redhat_00004.1.el9eap?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.26-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-42.Final_redhat_00042.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-42.Final_redhat_00042.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-3.SP2_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64"
        },
        "product_reference": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10234",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-10-22T01:46:48.739000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2320848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "RHBZ#2320848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
        }
      ],
      "release_date": "2024-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Pupi1"
          ]
        }
      ],
      "cve": "CVE-2025-2251",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2025-03-12T13:33:14.782000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2351678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "RHBZ#2351678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mateusz \"MaTTallica\" Klement",
            "\u0141ukasz Rupala"
          ],
          "organization": "ING Hubs Poland"
        }
      ],
      "cve": "CVE-2025-2901",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-03-28T06:08:36.048000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2355685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "RHBZ#2355685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
        }
      ],
      "release_date": "2025-03-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 0.0,
            "baseSeverity": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
    },
    {
      "cve": "CVE-2025-23184",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-01-21T10:00:44.959656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2339095"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "RHBZ#2339095",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
          "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
        }
      ],
      "release_date": "2025-01-21T09:35:37.468000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Claudia Bartolini",
            "Marco Ventura",
            "Massimiliano Brolli"
          ],
          "organization": "TIM S.p.A"
        }
      ],
      "cve": "CVE-2025-23366",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2025-01-14T14:56:40.238000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2337619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has evaluated and the attacker must be authenticated as user that belongs to management groups \u201cSuperUser\u201d, \u201cAdmin\u201d, or \u201cMaintainer\u201d. This issue requires previous privilege to jeopardize an environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "RHBZ#2337619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23366"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23366"
        }
      ],
      "release_date": "2025-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting"
    },
    {
      "cve": "CVE-2025-35036",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2025-06-03T20:00:52.377542+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Hibernate Validator Expression Language Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
        },
        {
          "category": "external",
          "summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
          "url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
          "url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
          "url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
          "url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
          "url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
          "url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
          "url": "https://github.com/hibernate/hibernate-validator/pull/1138"
        },
        {
          "category": "external",
          "summary": "https://hibernate.atlassian.net/browse/HV-1816",
          "url": "https://hibernate.atlassian.net/browse/HV-1816"
        },
        {
          "category": "external",
          "summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
          "url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
        },
        {
          "category": "external",
          "summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
          "url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
        },
        {
          "category": "external",
          "summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
          "url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
        }
      ],
      "release_date": "2025-06-03T19:27:42.900000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        },
        {
          "category": "workaround",
          "details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hibernate-validator: Hibernate Validator Expression Language Injection"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2025-05-28T14:00:56.619771+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2368956"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "RHBZ#2368956",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
          "url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
        },
        {
          "category": "external",
          "summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
          "url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
          "url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
        }
      ],
      "release_date": "2025-05-28T13:32:08.300000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-14T15:55:57+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-48734 (GCVE-0-2025-48734)

Tags

Sightings

Nomenclature