rhsa-2024:3560
Vulnerability from csaf_redhat
Published
2024-06-03 17:04
Modified
2025-03-24 11:16
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.17 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding
[eap-7.4.z] (CVE-2024-28752)
* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.4.z]
(CVE-2024-1233)
* datatables.net: contents of array not escaped by HTML escape entities function
[eap-7.4.z] (CVE-2021-23445)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.17 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding\n[eap-7.4.z] (CVE-2024-28752)\n\n* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.4.z]\n(CVE-2024-1233)\n\n* datatables.net: contents of array not escaped by HTML escape entities function\n[eap-7.4.z] (CVE-2021-23445)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3560", url: "https://access.redhat.com/errata/RHSA-2024:3560", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "2257732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2257732", }, { category: "external", summary: "2262849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262849", }, { category: "external", summary: "2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "JBEAP-25637", url: "https://issues.redhat.com/browse/JBEAP-25637", }, { category: "external", summary: "JBEAP-25786", url: "https://issues.redhat.com/browse/JBEAP-25786", }, { category: "external", summary: "JBEAP-26406", url: "https://issues.redhat.com/browse/JBEAP-26406", }, { category: "external", summary: "JBEAP-26439", url: "https://issues.redhat.com/browse/JBEAP-26439", }, { category: "external", summary: "JBEAP-26680", url: "https://issues.redhat.com/browse/JBEAP-26680", }, { category: "external", summary: "JBEAP-26692", url: "https://issues.redhat.com/browse/JBEAP-26692", }, { category: "external", summary: "JBEAP-26705", url: "https://issues.redhat.com/browse/JBEAP-26705", }, { category: "external", summary: "JBEAP-26718", url: "https://issues.redhat.com/browse/JBEAP-26718", }, { category: "external", summary: "JBEAP-26782", url: "https://issues.redhat.com/browse/JBEAP-26782", }, { category: "external", summary: "JBEAP-26815", url: "https://issues.redhat.com/browse/JBEAP-26815", }, { category: "external", summary: "JBEAP-26824", url: "https://issues.redhat.com/browse/JBEAP-26824", }, { category: "external", summary: "JBEAP-26828", url: "https://issues.redhat.com/browse/JBEAP-26828", }, { category: "external", summary: "JBEAP-26922", url: "https://issues.redhat.com/browse/JBEAP-26922", }, { category: "external", summary: "JBEAP-26944", url: "https://issues.redhat.com/browse/JBEAP-26944", }, { category: "external", summary: "JBEAP-26959", url: "https://issues.redhat.com/browse/JBEAP-26959", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3560.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update", tracking: { current_release_date: "2025-03-24T11:16:06+00:00", generator: { date: "2025-03-24T11:16:06+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:3560", initial_release_date: "2024-06-03T17:04:02+00:00", revision_history: [ { date: "2024-06-03T17:04:02+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-03T17:04:02+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-24T11:16:06+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", product: { name: "eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", product_id: "eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.17-1.Final_redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-metadata@13.5.0-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.22-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.19-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", product: { name: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", product_id: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xml-security@2.3.4-1.redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", product: { name: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", product_id: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.5.8-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", product: { name: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", product_id: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j@2.4.3-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.32-1.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-discovery@1.2.4-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-36.Final_redhat_00035.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.17-2.GA_redhat_00002.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-8.SP08_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", product_id: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan@11.0.19-2.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.54-3.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.23-2.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-modules@1.12.3-3.Final_redhat_00001.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.17-1.Final_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.17-1.Final_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.17-1.Final_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.17-1.Final_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-metadata@13.5.0-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-metadata-appclient@13.5.0-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-metadata-common@13.5.0-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-metadata-ear@13.5.0-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-metadata-ejb@13.5.0-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-metadata-web@13.5.0-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.22-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.19-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", product: { name: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", product_id: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xml-security@2.3.4-1.redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf@3.5.8-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.8-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.8-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.8-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j@2.4.3-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-bindings@2.4.3-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-policy@2.4.3-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.4.3-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.4.3-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.4.3-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.4.3-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.32-1.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-discovery-client@1.2.4-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-36.Final_redhat_00035.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-36.Final_redhat_00035.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-36.Final_redhat_00035.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.17-2.GA_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.17-2.GA_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.17-2.GA_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.17-2.GA_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.17-2.GA_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.17-2.GA_redhat_00002.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-8.SP08_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-commons@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-core@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.19-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.54-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.23-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.23-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-modules@1.12.3-3.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", }, product_reference: "eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", }, product_reference: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", }, product_reference: "eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-23445", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2021-09-27T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2257732", }, ], notes: [ { category: "description", text: "An improper neutralization of input vulnerability was found in datatables.net. If an array is passed to the HTML escape entities function, it does not have its contents escaped, possibly leading to cross site scripting (XSS).", title: "Vulnerability description", }, { category: "summary", text: "datatables.net: contents of array not escaped by HTML escape entities function", title: "Vulnerability summary", }, { category: "other", text: "The improper neutralization of input vulnerability in DataTables.net is considered a moderate severity issue because, while it allows for potential cross-site scripting (XSS) attacks, it requires specific conditions to be exploited effectively. An attacker must have the ability to inject malicious input into the system, and the application must pass this input to the HTML escape entities function without proper validation. Although XSS can lead to significant security risks, such as session hijacking and data theft, the impact is somewhat mitigated by the necessity of these preconditions. Moreover, this vulnerability does not compromise the underlying server or database directly, limiting its scope primarily to client-side exploitation.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-23445", }, { category: "external", summary: "RHBZ#2257732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2257732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-23445", url: "https://www.cve.org/CVERecord?id=CVE-2021-23445", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-23445", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-23445", }, { category: "external", summary: "https://cdn.datatables.net/1.11.3/", url: "https://cdn.datatables.net/1.11.3/", }, ], release_date: "2021-09-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-03T17:04:02+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3560", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "datatables.net: contents of array not escaped by HTML escape entities function", }, { acknowledgments: [ { names: [ "Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab", ], }, ], cve: "CVE-2024-1233", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262849", }, ], notes: [ { category: "description", text: "A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.", title: "Vulnerability description", }, { category: "summary", text: "EAP: wildfly-elytron has a SSRF security issue", title: "Vulnerability summary", }, { category: "other", text: "The SSRF vulnerability in JwtValidator.resolvePublicKey is considered a moderate severity issue due to its potential to allow unauthorized internal network access and exposure of sensitive information, albeit with certain constraints. The vulnerability leverages the absence of URL whitelisting or filtering when resolving the jku header, which can be exploited to make HTTP requests to arbitrary URLs. While the immediate impact might not directly compromise sensitive data or system integrity, it opens a pathway for attackers to discover and interact with internal services, potentially leading to further exploitation. The exploitation complexity and the need for an attacker to craft a malicious JWT token mitigate the severity to a moderate level, as it requires a certain degree of knowledge and capability to execute effectively.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-1233", }, { category: "external", summary: "RHBZ#2262849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262849", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-1233", url: "https://www.cve.org/CVERecord?id=CVE-2024-1233", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-1233", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1233", }, { category: "external", summary: "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5", url: "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5", }, { category: "external", summary: "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523", url: "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523", }, { category: "external", summary: "https://issues.redhat.com/browse/WFLY-19226", url: "https://issues.redhat.com/browse/WFLY-19226", }, ], release_date: "2024-04-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-03T17:04:02+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3560", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "EAP: wildfly-elytron has a SSRF security issue", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270732", }, ], notes: [ { category: "description", text: "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", title: "Vulnerability description", }, { category: "summary", text: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28752", }, { category: "external", summary: "RHBZ#2270732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28752", url: "https://www.cve.org/CVERecord?id=CVE-2024-28752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", url: "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", }, { category: "external", summary: "https://github.com/advisories/GHSA-qmgx-j96g-4428", url: "https://github.com/advisories/GHSA-qmgx-j96g-4428", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-03T17:04:02+00:00", details: "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3560", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.8-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.8-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.22-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.19-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.19-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.54-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-8.SP08_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-0:13.5.0-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.5.0-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.3-3.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-36.Final_redhat_00035.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-36.Final_redhat_00035.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.32-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.17-2.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.4-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.4-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.23-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.23-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.17-1.Final_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.17-2.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-0:2.4.3-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-policy-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.4.3-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xml-security-0:2.3.4-1.redhat_00002.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.