Search

Find a vulnerability

Search criteria

    86 vulnerabilities found for Red Hat JBoss Enterprise Application Platform 7 by Red Hat

    CVE-2025-12799 (GCVE-0-2025-12799)

    Vulnerability from nvd – Published: 2026-07-07 16:18 – Updated: 2026-07-09 14:42
    VLAI
    Title
    Jastow: jastow cross-site scripting attack due to unsanitized uri
    Summary
    A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:36342 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36343 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36344 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36345 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-12799 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2413071 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1-9.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.40.0-7.redhat_00015.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 1:2.0.0-2.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.8.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.5-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.13.2-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.11.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.9.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.17.2-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.2-28.redhat_2.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.16.1-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.18.0-2.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.10-3.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.8.12-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.14.0-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.4-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.1.0-2.redhat_00010.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-5.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.30.32-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.6.6-5.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.84.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.14.18-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.8-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.0-2.Final_redhat_1.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.5-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:801.7.0-1.GA_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 1:3.33.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.10.1.202505221210-1.r_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.15.4-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.1-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.0-6.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.0-4.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.0-4.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.13-4.redhat_5.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.10.1-2.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:33.0.0-3.jre_redhat_00004.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.224-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.7.19-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.6.50-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.0.3-3.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.2.6-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.0.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.11-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.10.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.5-4.redhat_00006.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.5.14-5.redhat_00016.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.4.16-6.redhat_00011.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:15.0.21-1.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.3-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.18-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.18.4-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.18.4-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.8.0-3.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.4-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.1-5.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-3.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-3.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.1-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.1-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.2-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.6-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.3-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.3-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.0.0-6.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-3.redhat_00004.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.2-3.redhat_00006.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.4-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.7-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.1-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.9.3-4.redhat_00004.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.6.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-4.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.3-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.3-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.0.0-8.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.6-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.3.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.7.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.8-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.6.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.19-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.3-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:16.1.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.6-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.5.5-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:10.1.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.31-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-3.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.5.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.3.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.0-4.SP3_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.1.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.3.8-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.8.16-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.0-3.redhat_00009.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 1:5.3.23-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.2-1.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.12.7-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.9.6-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.11-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.1-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.9.0-3.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.1-1.Final_redhat_3.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.23.1-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:9.11.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.1.2-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.1-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.132-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.1.10-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:9.37.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:9.7.1-3.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.3.2-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.7-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.6.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.3-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.14-2.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.4-4.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.12-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.21-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.2.15-1.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.0-3.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.4-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.0.0-6.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.17-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.2.2-2.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.5.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.2-2.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.24-4.SP3_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.9-1.SP1_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.6-3.redhat_1.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-7.redhat_00010.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.1.6-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.1.7-4.GA_redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.1-4.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.7.0-2.Final_redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.3.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.6.9-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.4-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.4-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.1.1-11.GA_redhat_00019.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.Final.redhat.00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.5-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.0.0-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.6.3-5.redhat_00008.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.4-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.0-2.redhat_12.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.5-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.4-5.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.10-3.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.0.4-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.7.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:6.6.50-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:7.3.8-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 1:5.3.23-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.24-4.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.2.9-1.SP1_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.7-4.GA_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.6.9-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.1-11.GA_redhat_00019.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.10-3.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.0.4-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.7.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:6.6.50-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:7.3.8-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 1:5.3.23-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.24-4.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.2.9-1.SP1_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.7-4.GA_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.6.9-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.1-11.GA_redhat_00019.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2026-07-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:34:16.067117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:42:47.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.undertow.jastow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1-9.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis-native",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.0.0-2.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-aesh-extensions",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-aesh-readline",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-agroal",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-angus",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.5-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-angus-activation",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-antlr4",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.13.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-beanutils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-cli",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-codec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.17.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-collections",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.2-28.redhat_2.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-io",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.1-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-lang",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0-2.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-3.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf-xjc-utils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-mime4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.8.12-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-sshd",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.0-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-native",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.0.0-2.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-wildfly-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.4-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-asyncutil",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.0-2.redhat_00010.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-atinject",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-5.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-aws-java-sdk",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.30.32-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-azure-storage",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.6.6-5.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.84.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-byte-buddy",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.14.18-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-caffeine",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.8-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-commons-logging-jboss-logging",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-2.Final_redhat_1.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-cryptacular",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.5-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.7.0-1.GA_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-ecj",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:3.33.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eclipse-jgit",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.10.1.202505221210-1.r_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-elasticsearch",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.15.4-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-elytron-web",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-expressly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.0-6.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-fastinfoset",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-fge-btf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-4.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-fge-msg-simple",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-4.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-gnu-getopt",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.13-4.redhat_5.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-gson",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.1-2.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-failureaccess",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-3.jre_redhat_00004.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-h2database",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.224-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hal-console",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.19-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.50-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate-commons-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.0.3-3.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate-search",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.2.6-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hornetq",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.11-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hppc",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.10.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-httpcomponents-asyncclient",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.5-4.redhat_00006.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-httpcomponents-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.5.14-5.redhat_00016.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-httpcomponents-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.4.16-6.redhat_00011.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-infinispan",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:15.0.21-1.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-insights-java-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.3-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-installation-manager-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-ironjacamar",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.18-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-coreutils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-3.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-databind",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-dataformats-text",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-jaxrs-providers",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-modules-base",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-modules-java8",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-activation",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.4-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-annotation-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-5.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-authentication-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-3.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-authorization-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-3.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-batch-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-ejb-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-enterprise-concurrent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-enterprise-concurrent-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-enterprise-lang-model",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-interceptor-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-jms-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-json",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.6-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-json-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.3-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-mail",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.3-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-resource-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-security-enterprise-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-servlet-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.0.0-6.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-servlet-jsp-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-transaction-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-3.redhat_00004.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-validation-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.2-3.redhat_00006.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-websocket",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-ws-rs-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-xml-bind-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.4-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jandex",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.7-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jansi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jasypt",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.3-4.redhat_00004.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-java-classmate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javaee-jpa-spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-4.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javaee-security-soteria",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.3-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javaewah",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.3-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javapackages-tools",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.0.0-8.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxbintros",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jberet",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-aesh",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-cert-helper",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.3-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-classfilewriter",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-common-beans",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-dmr",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-ejb3-ext-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-ejb-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.8-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-genericjms",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-3.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-iiop-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-invocation",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-jakarta-xml-ws-api_4.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-logging",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.19-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-marshalling",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.3-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-metadata",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:16.1.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-modules",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.6-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-msc",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.5-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-openjdk-orb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:10.1.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-remoting",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.31-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-remoting-jmx",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-3.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-saaj-api_3.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-stdio",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-transaction-spi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-vfs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-weld-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.0-4.SP3_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-common",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-common-tools",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.8-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-jaxws-undertow-httpspi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-spi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-xnio-base",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.16-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jctools",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:5.3.23-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups-aws",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups-azure",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups-kubernetes",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-joda-time",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.12.7-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jose4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.9.6-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jsf-impl",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.11-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jsonb-spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.1-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-json-patch",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-3.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jul-to-slf4j-stub",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-1.Final_redhat_3.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-log4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.23.1-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-log4j2-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-lucene-solr",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.11.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-mod_cluster",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-narayana",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.1.2-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-neethi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.1-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.132-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-netty-transport-native-epoll",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.132-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-netty-xnio-transport",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.10-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-nimbus-jose-jwt",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.37.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-objectweb-asm",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.7.1-3.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-opensaml",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.3.2-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-parsson",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.7-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-pem-keystore",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-plexus-utils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-protoparser",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.3-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-protostream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.14-2.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-reactive-streams",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.4-4.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-reactivex-rxjava",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.12-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-reactivex-rxjava2",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.21-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resilience4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resteasy",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.2.15-1.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resteasy-extensions",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-3.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resteasy-spring",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.0-3.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-saaj-impl",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-shibboleth-java-support",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.0-6.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.17-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-snakeyaml",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-stax2-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.2-2.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-stax-ex",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-staxmapper",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-sun-istack-commons",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.2-2.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-4.SP3_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.9-1.SP1_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-vdx",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.6-3.redhat_1.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-velocity",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-7.redhat_00010.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-weld-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.6-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.7-4.GA_redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-client-config",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-4.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-common",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-2.Final_redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-discovery",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.9-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron-ee",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.4-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-http-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.4-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-11.GA_redhat_00019.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-naming-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-openssl",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-openssl-el10-x86_64",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.Final.redhat.00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-transaction-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.5-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-woodstox-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.0.0-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-ws-commons-XmlSchema",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wsdl4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.3-5.redhat_00008.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wss4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.4-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-xml-commons-resolver",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-2.redhat_12.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-xml-security",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.5-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-yasson",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.4-5.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-3.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-wildfly-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.4-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.7.0-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.50-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.8-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:5.3.23-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-4.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.9-1.SP1_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.7-4.GA_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.9-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-11.GA_redhat_00019.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-3.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-wildfly-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.4-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.7.0-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.50-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.8-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:5.3.23-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-4.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.9-1.SP1_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.7-4.GA_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.9-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-11.GA_redhat_00019.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap74-els-openjdk11-openshift-rhel8/eap74-els-openjdk11-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap74-els-openjdk17-openshift-rhel8/eap74-els-openjdk17-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap74-els-openjdk8-openshift-rhel8/eap74-els-openjdk8-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "io.undertow.jastow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jboss-eap-7/eap74-els-openjdk17-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jboss-eap-7/eap74-els-openjdk8-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.undertow.jastow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T00:00:08.461Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:36342",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36342"
            },
            {
              "name": "RHSA-2026:36343",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36343"
            },
            {
              "name": "RHSA-2026:36344",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36344"
            },
            {
              "name": "RHSA-2026:36345",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36345"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-12799"
            },
            {
              "name": "RHBZ#2413071",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413071"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-06T11:09:24.742Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Jastow: jastow cross-site scripting attack due to unsanitized uri",
          "workarounds": [
            {
              "lang": "en",
              "value": "It is possible to contruct successful attack vector if and only if customer or client is using embedded Undertow and Jastow together in their application and the following conditions are met:\n * Undertow was configured with UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL set to \u0027true\u0027 value\n * DeploymentInfo configured with setEscapeErrorMessage(true) method was passed to Undertow\u0027s Servlet Container instance"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-12799",
        "datePublished": "2026-07-07T16:18:57.555Z",
        "dateReserved": "2025-11-06T11:15:12.378Z",
        "dateUpdated": "2026-07-09T14:42:47.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28369 (GCVE-0-2026-28369)

    Vulnerability from nvd – Published: 2026-03-27 16:13 – Updated: 2026-06-10 21:05
    VLAI
    Title
    Undertow: undertow: request smuggling via malformed http request headers
    Summary
    A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:25125 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25126 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-28369 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2443262 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.40.0-7.redhat_00015.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.40.0-7.redhat_00015.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-28T03:55:51.631071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-29T13:56:11.063Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T21:05:10.640Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:25125",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25125"
            },
            {
              "name": "RHSA-2026:25126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25126"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-28369"
            },
            {
              "name": "RHBZ#2443262",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443262"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-27T04:39:59.064Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: undertow: request smuggling via malformed http request headers",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-28369",
        "datePublished": "2026-03-27T16:13:05.719Z",
        "dateReserved": "2026-02-27T04:42:16.439Z",
        "dateUpdated": "2026-06-10T21:05:10.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28368 (GCVE-0-2026-28368)

    Vulnerability from nvd – Published: 2026-03-27 16:13 – Updated: 2026-06-29 09:26
    VLAI
    Title
    Undertow: undertow: request smuggling via inconsistent header parsing
    Summary
    A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:25125 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25126 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-28368 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2443261 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.40.0-7.redhat_00015.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.40.0-7.redhat_00015.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T18:49:45.702271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T19:57:36.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T09:26:59.511Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:25125",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25125"
            },
            {
              "name": "RHSA-2026:25126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25126"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-28368"
            },
            {
              "name": "RHBZ#2443261",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443261"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-27T04:39:57.578Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: undertow: request smuggling via inconsistent header parsing",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-28368",
        "datePublished": "2026-03-27T16:13:03.775Z",
        "dateReserved": "2026-02-27T04:42:16.439Z",
        "dateUpdated": "2026-06-29T09:26:59.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28367 (GCVE-0-2026-28367)

    Vulnerability from nvd – Published: 2026-03-27 16:13 – Updated: 2026-06-29 09:26
    VLAI
    Title
    Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator
    Summary
    A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:25125 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25126 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-28367 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2443260 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.40.0-7.redhat_00015.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.40.0-7.redhat_00015.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T13:27:40.351547Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T13:27:54.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\\r\\r\\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T09:26:59.597Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:25125",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25125"
            },
            {
              "name": "RHSA-2026:25126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25126"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-28367"
            },
            {
              "name": "RHBZ#2443260",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443260"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-27T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: undertow: request smuggling via `\\r\\r\\r` as a header block terminator",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, configure any proxy servers positioned in front of Undertow to strictly validate HTTP header terminations. Ensure that these proxies are configured to reject or normalize non-standard header block terminators, such as `\\r\\r\\r`, before forwarding requests to Undertow. This operational control helps prevent request smuggling attacks by ensuring that only properly formed HTTP requests reach the Undertow server."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-28367",
        "datePublished": "2026-03-27T16:13:05.108Z",
        "dateReserved": "2026-02-27T04:42:16.439Z",
        "dateUpdated": "2026-06-29T09:26:59.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3260 (GCVE-0-2026-3260)

    Vulnerability from nvd – Published: 2026-03-24 04:11 – Updated: 2026-07-07 19:50
    VLAI

    The Undertow web server enforces a default maximum HTTP request entity size limit. Any request (including GET or HEAD) containing a body that exceeds this configurable limit is safely dropped by the server, preventing single-request Resource Exhaustion (Out of Memory) Denial of Service attacks.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-07-07T19:50:22.087Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "The Undertow web server enforces a default maximum HTTP request entity size limit. Any request (including GET or HEAD) containing a body that exceeds this configurable limit is safely dropped by the server, preventing single-request Resource Exhaustion (Out of Memory) Denial of Service attacks."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-3260",
        "datePublished": "2026-03-24T04:11:16.085Z",
        "dateRejected": "2026-07-07T19:50:22.087Z",
        "dateReserved": "2026-02-26T14:22:15.920Z",
        "dateUpdated": "2026-07-07T19:50:22.087Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4027 (GCVE-0-2024-4027)

    Vulnerability from nvd – Published: 2026-01-30 14:25 – Updated: 2026-06-30 12:06
    VLAI
    Title
    Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks
    Summary
    A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel 4 for Quarkus 3     cpe:/a:redhat:camel_quarkus:3
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 3     cpe:/a:redhat:camel_spring_boot:3
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat build of OptaPlanner 8     cpe:/a:redhat:optaplanner:::el6
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse Service Works 6     cpe:/a:redhat:jboss_fuse_service_works:6
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat streams for Apache Kafka     cpe:/a:redhat:amq_streams:1
    Create a notification for this product.
    Date Public
    2026-01-30 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4027",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-30T14:41:20.519260Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-30T14:41:46.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:service_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apicurio Registry 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quarkus:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Quarkus",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Fuse 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:integration:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Integration Camel K 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Data Grid 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse_service_works:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Fuse Service Works 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Process Automation 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Data Grid 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "unknown",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_hawtio:4"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of Apache Camel - HawtIO 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:camel_quarkus:3"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of Apache Camel 4 for Quarkus 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:camel_spring_boot:3"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of Apache Camel for Spring Boot 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:camel_spring_boot:4"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of Apache Camel for Spring Boot 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat Build of Keycloak",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:optaplanner:::el6"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of OptaPlanner 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_streams:1"
                ],
                "defaultStatus": "unknown",
                "product": "streams for Apache Kafka",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-30T14:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:30.892Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-4027"
              },
              {
                "name": "RHBZ#2276410",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276410"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4027.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2024-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-30T14:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "undertow: OutOfMemoryError in HttpServletRequestImpl.getParameterNames() can cause remote DoS attacks",
            "workarounds": [
              {
                "lang": "en",
                "value": "Currently no mitigation is available for this vulnerability. Please make sure to perform the update as they become available."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 4 for Quarkus 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:optaplanner:::el6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of OptaPlanner 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse_service_works:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Fuse Service Works 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_streams:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "streams for Apache Kafka",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-01-30T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T23:30:30.668Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4027"
            },
            {
              "name": "RHBZ#2276410",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276410"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-22T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-30T14:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently no mitigation is available for this vulnerability. Please make sure to perform the update as they become available."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-4027",
        "datePublished": "2026-01-30T14:25:54.405Z",
        "dateReserved": "2024-04-22T13:10:21.747Z",
        "dateUpdated": "2026-06-30T12:06:30.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0603 (GCVE-0-2026-0603)

    Vulnerability from nvd – Published: 2026-01-23 06:31 – Updated: 2026-06-30 12:07
    VLAI
    Title
    Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection
    Summary
    A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:4915 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4916 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4917 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6011 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6012 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-0603 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2427147 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Affected: 5.2.8 , ≤ 5.6.15 (semver)
    Red Hat Red Hat JBoss Enterprise Application Platform Unaffected: 5.3.38.Final-redhat-00001 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:5.1.17-4.Final_redhat_00005.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:7.1.14-4.GA_redhat_00003.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:5.3.38-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:7.3.17-5.GA_redhat_00006.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:5.3.38-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:5.3.38-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:5.3.38-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
    Create a notification for this product.
    Red Hat Red Hat build of OptaPlanner 8     cpe:/a:redhat:optaplanner:::el6
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 8     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 9     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform     cpe:/a:redhat:jboss_enterprise_application_platform::el7
    Create a notification for this product.
    Date Public
    2026-01-19 10:10
    Credits
    Red Hat would like to thank Christiaan Swiers (YouGina) and Tommy Williams (HeroDevs) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-24T04:55:25.177681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:24.608Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_broker:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AMQ Broker 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:optaplanner:::el6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of OptaPlanner 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Fuse 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Process Automation 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Data Grid 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-19T10:10:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application\u0027s database, resulting in an application level denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:13.526Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-0603"
              },
              {
                "name": "RHBZ#2427147",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0603.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6012"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6011"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4915"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4916"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4917"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4924"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:6012: Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6011: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4915: Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4916: Red Hat JBoss EAP 7.4 ELS for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4917: Red Hat JBoss EAP 7.4 ELS for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4924: Red Hat JBoss Enterprise Application Platform"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-05T13:12:29.816Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-19T10:10:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/hibernate/hibernate-orm",
              "defaultStatus": "unaffected",
              "packageName": "org.hibernate/hibernate-core",
              "versions": [
                {
                  "lessThanOrEqual": "5.6.15",
                  "status": "affected",
                  "version": "5.2.8",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "affected",
              "packageName": "org.hibernate/hibernate-core",
              "product": "Red Hat JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "5.3.38.Final-redhat-00001",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.17-4.Final_redhat_00005.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.1.14-4.GA_redhat_00003.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.3.38-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.17-5.GA_redhat_00006.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.3.38-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.3.38-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.3.38-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:optaplanner:::el6"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat build of OptaPlanner 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-trustyai-service-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-trustyai-service-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "devspaces/openvsx-rhel9",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "devspaces/pluginregistry-rhel9",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite:el8/candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Christiaan Swiers (YouGina) and Tommy Williams (HeroDevs) for reporting this issue."
            }
          ],
          "datePublic": "2026-01-19T10:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application\u0027s database, resulting in an application level denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T04:11:12.867Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:4915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4915"
            },
            {
              "name": "RHSA-2026:4916",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4916"
            },
            {
              "name": "RHSA-2026:4917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4917"
            },
            {
              "name": "RHSA-2026:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4924"
            },
            {
              "name": "RHSA-2026:6011",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:6011"
            },
            {
              "name": "RHSA-2026:6012",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:6012"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0603"
            },
            {
              "name": "RHBZ#2427147",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-05T13:12:29.816Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-19T10:10:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0603",
        "datePublished": "2026-01-23T06:31:38.975Z",
        "dateReserved": "2026-01-05T13:18:55.616Z",
        "dateUpdated": "2026-06-30T12:07:13.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12543 (GCVE-0-2025-12543)

    Vulnerability from nvd – Published: 2026-01-07 16:04 – Updated: 2026-06-30 03:15
    VLAI
    Title
    Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
    Summary
    A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:0383 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0384 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0386 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33371 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33372 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3889 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3890 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3891 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3892 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4915 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4916 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4917 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-12543 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2408784 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11     cpe:/a:redhat:apache_camel_spring_boot:4.14
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Unaffected: 2.2.39.Final-redhat-00001 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.4.18-21.SP19_redhat_00001.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.0.41-8.SP9_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.83.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.6-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.0-3.redhat_00009.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.83.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.6-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.0-3.redhat_00009.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.10-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.82.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.0.1-3.redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.5.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.10-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.82.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.0.1-3.redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.5.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 8     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 8.0 for RHEL 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 8.1 for RHEL 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 9     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 8.0 for RHEL 9     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 8.1 for RHEL 9     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform     cpe:/a:redhat:jboss_enterprise_application_platform::el7
    Create a notification for this product.
    Date Public
    2026-01-08 00:00
    Credits
    Red Hat would like to thank Ahmet Artuç for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12543",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T03:55:30.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 8.0 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 8.1 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 8.0 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 8.1 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 8.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 8.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_spring_boot:4.14"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Data Grid 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Fuse 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Process Automation 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_hawtio:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat build of Apache Camel - HawtIO 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-08T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T03:15:36.209Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-12543"
              },
              {
                "name": "RHBZ#2408784",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12543.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33372"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33371"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4915"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4916"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3889"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0383"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4917"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3891"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0384"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3892"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0386"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4924"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3890"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:33372: Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4915: Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4916: Red Hat JBoss EAP 7.4 ELS for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3889: Red Hat JBoss EAP 8.0 for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0383: Red Hat JBoss EAP 8.1 for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4917: Red Hat JBoss EAP 7.4 ELS for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3891: Red Hat JBoss EAP 8.0 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0384: Red Hat JBoss EAP 8.1 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3892: Red Hat JBoss Enterprise Application Platform 8.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0386: Red Hat JBoss Enterprise Application Platform 8.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4924: Red Hat JBoss Enterprise Application Platform"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3890: Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-10-31T06:15:35.424Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-08T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.14"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "affected",
              "packageName": "io.undertow/undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.39.Final-redhat-00001",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.18-21.SP19_redhat_00001.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-8.SP9_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Ahmet Artu\u00e7 for reporting this issue."
            }
          ],
          "datePublic": "2026-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T02:46:49.150Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0383"
            },
            {
              "name": "RHSA-2026:0384",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0384"
            },
            {
              "name": "RHSA-2026:0386",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0386"
            },
            {
              "name": "RHSA-2026:33371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33371"
            },
            {
              "name": "RHSA-2026:33372",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33372"
            },
            {
              "name": "RHSA-2026:3889",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3889"
            },
            {
              "name": "RHSA-2026:3890",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3890"
            },
            {
              "name": "RHSA-2026:3891",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3891"
            },
            {
              "name": "RHSA-2026:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3892"
            },
            {
              "name": "RHSA-2026:4915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4915"
            },
            {
              "name": "RHSA-2026:4916",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4916"
            },
            {
              "name": "RHSA-2026:4917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4917"
            },
            {
              "name": "RHSA-2026:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4924"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-12543"
            },
            {
              "name": "RHBZ#2408784",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-31T06:15:35.424Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-12543",
        "datePublished": "2026-01-07T16:04:22.155Z",
        "dateReserved": "2025-10-31T06:48:03.659Z",
        "dateUpdated": "2026-06-30T03:15:36.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3884 (GCVE-0-2024-3884)

    Vulnerability from nvd – Published: 2025-12-03 18:40 – Updated: 2026-07-07 15:54
    VLAI
    Title
    Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded
    Summary
    A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:0383 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0384 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0386 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3889 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3891 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3892 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4915 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4916 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4917 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6011 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6012 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-3884 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2275287 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform Unaffected: 2.2.39.Final-redhat-00001 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.4.18-19.SP17_redhat_00001.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:7.1.14-4.GA_redhat_00003.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.0.41-7.SP8_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:7.3.17-5.GA_redhat_00006.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.83.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.6-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.0-3.redhat_00009.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.83.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.6-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.0-3.redhat_00009.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.10-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.82.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.0.1-3.redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.5.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.10-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.82.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.0.1-3.redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.5.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel 4 for Quarkus 3     cpe:/a:redhat:camel_quarkus:3
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 3     cpe:/a:redhat:camel_spring_boot:3
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat build of OptaPlanner 8     cpe:/a:redhat:optaplanner:::el6
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat Integration Camel Quarkus 2     cpe:/a:redhat:camel_quarkus:2
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse Service Works 6     cpe:/a:redhat:jboss_fuse_service_works:6
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat streams for Apache Kafka     cpe:/a:redhat:amq_streams:1
    Create a notification for this product.
    Date Public
    2025-12-03 16:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3884",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-03T20:50:16.644717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-03T20:55:19.911Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "affected",
              "packageName": "io.undertow/undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.39.Final-redhat-00001",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.18-19.SP17_redhat_00001.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.1.14-4.GA_redhat_00003.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-7.SP8_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.17-5.GA_redhat_00006.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 4 for Quarkus 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:optaplanner:::el6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of OptaPlanner 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel Quarkus 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse_service_works:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Fuse Service Works 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_streams:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "streams for Apache Kafka",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-12-03T16:50:50.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:54:13.328Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0383"
            },
            {
              "name": "RHSA-2026:0384",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0384"
            },
            {
              "name": "RHSA-2026:0386",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0386"
            },
            {
              "name": "RHSA-2026:3889",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3889"
            },
            {
              "name": "RHSA-2026:3891",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3891"
            },
            {
              "name": "RHSA-2026:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3892"
            },
            {
              "name": "RHSA-2026:4915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4915"
            },
            {
              "name": "RHSA-2026:4916",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4916"
            },
            {
              "name": "RHSA-2026:4917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4917"
            },
            {
              "name": "RHSA-2026:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4924"
            },
            {
              "name": "RHSA-2026:6011",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:6011"
            },
            {
              "name": "RHSA-2026:6012",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:6012"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-3884"
            },
            {
              "name": "RHBZ#2275287",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-16T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-12-03T16:50:50.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded",
          "workarounds": [
            {
              "lang": "en",
              "value": "It is possible to mitigate the vulnerability by performing an upper-level verification to ensure the content size sent server side is within the allowed parameters."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-3884",
        "datePublished": "2025-12-03T18:40:25.606Z",
        "dateReserved": "2024-04-16T13:30:53.755Z",
        "dateUpdated": "2026-07-07T15:54:13.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9784 (GCVE-0-2025-9784)

    Vulnerability from nvd – Published: 2025-09-02 13:37 – Updated: 2026-06-30 02:46
    VLAI
    Title
    Undertow: undertow madeyoureset http/2 ddos vulnerability
    Summary
    A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.2.38.Final (semver)
    Red Hat Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8     cpe:/a:redhat:apache_camel_spring_boot:4.14
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Unaffected: 2.2.39.Final-redhat-00001 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.4.18-21.SP19_redhat_00001.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.0.41-8.SP9_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.83.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.6-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.0-3.redhat_00009.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.83.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.6-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.0-3.redhat_00009.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.10-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.82.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.0.1-3.redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.5.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.10-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.82.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.0.1-3.redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.5.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-09-01 06:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T13:55:22.694531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-404",
                    "description": "CWE-404 Improper Resource Shutdown or Release",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-19T15:07:25.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:07:57.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/767506"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/undertow-io/undertow/",
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "versions": [
                {
                  "lessThan": "2.2.38.Final",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.14"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "affected",
              "packageName": "io.undertow/undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.39.Final-redhat-00001",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.18-21.SP19_redhat_00001.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-8.SP9_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-09-01T06:21:54.614Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T02:46:43.628Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:23143",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23143"
            },
            {
              "name": "RHSA-2026:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0383"
            },
            {
              "name": "RHSA-2026:0384",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0384"
            },
            {
              "name": "RHSA-2026:0386",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0386"
            },
            {
              "name": "RHSA-2026:33371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33371"
            },
            {
              "name": "RHSA-2026:33372",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33372"
            },
            {
              "name": "RHSA-2026:3889",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3889"
            },
            {
              "name": "RHSA-2026:3891",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3891"
            },
            {
              "name": "RHSA-2026:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3892"
            },
            {
              "name": "RHSA-2026:4915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4915"
            },
            {
              "name": "RHSA-2026:4916",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4916"
            },
            {
              "name": "RHSA-2026:4917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4917"
            },
            {
              "name": "RHSA-2026:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4924"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-9784"
            },
            {
              "name": "RHBZ#2392306",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
            },
            {
              "url": "https://github.com/undertow-io/undertow/pull/1778"
            },
            {
              "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
            },
            {
              "url": "https://issues.redhat.com/browse/UNDERTOW-2598"
            },
            {
              "url": "https://kb.cert.org/vuls/id/767506"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-01T06:19:20.938Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-09-01T06:21:54.614Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: undertow madeyoureset http/2 ddos vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-9784",
        "datePublished": "2025-09-02T13:37:59.772Z",
        "dateReserved": "2025-09-01T06:33:05.239Z",
        "dateUpdated": "2026-06-30T02:46:43.628Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5731 (GCVE-0-2025-5731)

    Vulnerability from nvd – Published: 2025-06-26 21:28 – Updated: 2026-01-08 03:11
    VLAI
    Title
    Infinispan: credential leakage in infinispan cli
    Summary
    A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:10130 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-5731 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2370429 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2025-06-26 21:24
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T13:13:26.599882Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T13:13:36.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/infinispan/infinispan",
              "defaultStatus": "unaffected",
              "packageName": "infinispan",
              "product": "infinispan",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "15.2.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "infinispan-cli-client",
              "product": "Red Hat Data Grid 8.5.4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "infinispan-cli-client",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "infinispan-cli-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "infinispan-cli-client",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-06-26T21:24:21.857Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T03:11:10.828Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:10130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10130"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5731"
            },
            {
              "name": "RHBZ#2370429",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370429"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-05T13:42:15.727Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-26T21:24:21.857Z",
              "value": "Made public."
            }
          ],
          "title": "Infinispan: credential leakage in infinispan cli",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5731",
        "datePublished": "2025-06-26T21:28:59.501Z",
        "dateReserved": "2025-06-05T13:48:09.202Z",
        "dateUpdated": "2026-01-08T03:11:10.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2240 (GCVE-0-2025-2240)

    Vulnerability from nvd – Published: 2025-03-12 14:55 – Updated: 2026-05-06 16:47
    VLAI
    Title
    Smallrye-fault-tolerance: smallrye fault tolerance
    Summary
    A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1325 - Improperly Controlled Sequential Memory Allocation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 6.3.0 , < 6.4.2 (semver)
    Affected: 6.5.0 , < 6.9.0 (semver)
    Red Hat Red Hat build of Apache Camel 4.8.5 for Spring Boot     cpe:/a:redhat:apache_camel_spring_boot:4.8.5
    Create a notification for this product.
    Red Hat Red Hat Build of Apache Camel 4.8 for Quarkus 3.15     cpe:/a:redhat:camel_quarkus:3.15
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus 3.15.4     cpe:/a:redhat:quarkus:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 3     cpe:/a:redhat:apicurio_registry:3
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Date Public
    2025-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:08:58.646132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T15:37:42.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/smallrye/smallrye-fault-tolerance",
              "defaultStatus": "unaffected",
              "packageName": "smallrye-fault-tolerance-core",
              "versions": [
                {
                  "lessThan": "6.4.2",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.9.0",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.8.5"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat build of Apache Camel 4.8.5 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3.15"
              ],
              "defaultStatus": "unaffected",
              "packageName": "com.redhat.quarkus.platform/quarkus-camel-bom",
              "product": "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3.15"
              ],
              "defaultStatus": "unaffected",
              "packageName": "com.redhat.quarkus.platform/quarkus-cxf-bom",
              "product": "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:quarkus:3.15::el8"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat build of Quarkus 3.15.4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apicurio_registry:3"
              ],
              "defaultStatus": "affected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat build of Apicurio Registry 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-apiimpl",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "smallrye-fault-tolerance-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "smallrye-fault-tolerance-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "smallrye-fault-tolerance-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1325",
                  "description": "Improperly Controlled Sequential Memory Allocation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T16:47:49.252Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:3376",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3376"
            },
            {
              "name": "RHSA-2025:3541",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3541"
            },
            {
              "name": "RHSA-2025:3543",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3543"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-2240"
            },
            {
              "name": "RHBZ#2351452",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351452"
            },
            {
              "url": "https://github.com/advisories/GHSA-gfh6-3pqw-x2j4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-12T02:23:44.660Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-03-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Smallrye-fault-tolerance: smallrye fault tolerance",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1325: Improperly Controlled Sequential Memory Allocation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-2240",
        "datePublished": "2025-03-12T14:55:15.889Z",
        "dateReserved": "2025-03-12T02:36:02.101Z",
        "dateUpdated": "2026-05-06T16:47:49.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23368 (GCVE-0-2025-23368)

    Vulnerability from nvd – Published: 2025-03-04 15:14 – Updated: 2026-06-30 02:47
    VLAI
    Title
    Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli
    Summary
    A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ * (semver)
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:7.3.18-3.GA_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.6-5.GA_redhat_00007.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.6-5.GA_redhat_00007.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-03-03 00:00
    Credits
    Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-04T15:57:14.702481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-04T15:57:33.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/wildfly/wildfly-core",
              "defaultStatus": "unknown",
              "packageName": "wildfly-core",
              "versions": [
                {
                  "lessThanOrEqual": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.18-3.GA_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-5.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-5.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue."
            }
          ],
          "datePublic": "2025-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T02:47:11.489Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:18054",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:18054"
            },
            {
              "name": "RHSA-2026:18055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:18055"
            },
            {
              "name": "RHSA-2026:18059",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:18059"
            },
            {
              "name": "RHSA-2026:33371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33371"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-23368"
            },
            {
              "name": "RHBZ#2337621",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337621"
            },
            {
              "url": "https://www.gruppotim.it/it/footer/red-team.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-14T14:56:46.792Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-03-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli",
          "workarounds": [
            {
              "lang": "en",
              "value": "The effectiveness of an attack will also be dependent on the complexity of the usernames and passwords defined for the target installation."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-23368",
        "datePublished": "2025-03-04T15:14:47.806Z",
        "dateReserved": "2025-01-14T15:23:42.646Z",
        "dateUpdated": "2026-06-30T02:47:11.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-11831 (GCVE-0-2024-11831)

    Vulnerability from nvd – Published: 2025-02-10 15:27 – Updated: 2026-07-01 14:01
    VLAI
    Title
    Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
    Summary
    A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHBA-2025:0304 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0381 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1334 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1468 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21068 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21203 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3870 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4511 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8059 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8078 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8233 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8479 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8544 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8551 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:9294 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:1536 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:2769 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-11831 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2312579 issue-trackingx_refsource_REDHAT
    https://github.com/yahoo/serialize-javascript/com…
    https://github.com/yahoo/serialize-javascript/pull/173
    Impacted products
    Vendor Product Version
    Affected: 6.0 , < 6.0.2 (semver)
    Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.8-2 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.4::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.6-2 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 7.1 Unaffected: 2:18.2.1-381.el8cp , < * (rpm)
        cpe:/a:redhat:ceph_storage:7.1::el8
        cpe:/a:redhat:ceph_storage:7.1::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8.1 Unaffected: 2:19.2.1-292.el9cp , < * (rpm)
        cpe:/a:redhat:ceph_storage:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9.0 Unaffected: 2:20.1.0-144.el10cp , < * (rpm)
        cpe:/a:redhat:ceph_storage:9.0::el10
        cpe:/a:redhat:ceph_storage:9.0::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.0.112-1.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:8.0.112-1.el9_5 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat RHODF-4.14-RHEL-9 Unaffected: v4.14.18-2 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.14::el9
    Create a notification for this product.
    Red Hat RHODF-4.14-RHEL-9 Unaffected: v4.14.18-3 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.14::el9
    Create a notification for this product.
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.14-2 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Create a notification for this product.
    Red Hat RHODF-4.16-RHEL-9 Unaffected: v4.16.10-4 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Create a notification for this product.
    Red Hat RHODF-4.16-RHEL-9 Unaffected: v4.16.10-3 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Create a notification for this product.
    Red Hat RHODF-4.17-RHEL-9 Unaffected: v4.17.7-2 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.17::el9
    Create a notification for this product.
    Red Hat RHODF-4.18-RHEL-9 Unaffected: v4.18.2-8 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.18::el9
    Create a notification for this product.
    Red Hat RHODF-4.18-RHEL-9 Unaffected: v4.18.2-7 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8 Unaffected: 8 , < * (rpm)
        cpe:/a:redhat:ceph_storage:8::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9.0 Unaffected: 1776359884 , < * (rpm)
        cpe:/a:redhat:ceph_storage:9.0::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.14.6 Unaffected: v1.14.6-1744143767 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.14::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.15 Unaffected: v1.15.3-1746939886 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.15 Unaffected: v1.15.3-1746936251 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.16 Unaffected: v1.16.4-1747983385 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.16::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.16 Unaffected: v1.16.4-1747979846 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.16::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.17 Unaffected: v1.17.2-1749452800 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.17::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.17 Unaffected: v1.17.2-1750066936 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.17::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.18.0 Unaffected: v1.18.1-1747749913 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.19 Unaffected: v1.19.0-1752127853 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.19::el9
    Create a notification for this product.
    Red Hat Cryostat 3     cpe:/a:redhat:cryostat:3
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:5
    Create a notification for this product.
    Red Hat Migration Toolkit for Virtualization     cpe:/a:redhat:migration_toolkit_virtualization:2
    Create a notification for this product.
    Red Hat .NET 6.0 on Red Hat Enterprise Linux     cpe:/a:redhat:rhel_dotnet:6.0
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat build of OptaPlanner 8     cpe:/a:redhat:optaplanner:::el6
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 7     cpe:/a:redhat:ceph_storage:7
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8     cpe:/a:redhat:ceph_storage:8
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9     cpe:/a:redhat:ceph_storage:9
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
    Create a notification for this product.
    Red Hat Red Hat Discovery 1     cpe:/a:redhat:discovery:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift distributed tracing 3     cpe:/a:redhat:openshift_distributed_tracing:3
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat Trusted Profile Analyzer     cpe:/a:redhat:trusted_profile_analyzer:1
    Create a notification for this product.
    Date Public
    2024-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T17:08:31.160473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-10T17:08:44.112Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/yahoo/serialize-javascript",
              "packageName": "serialize-javascript",
              "versions": [
                {
                  "lessThan": "6.0.2",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.8-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7.1::el8",
                "cpe:/a:redhat:ceph_storage:7.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ceph",
              "product": "Red Hat Ceph Storage 7.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:18.2.1-381.el8cp",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ceph",
              "product": "Red Hat Ceph Storage 8.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:19.2.1-292.el9cp",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:9.0::el10",
                "cpe:/a:redhat:ceph_storage:9.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ceph",
              "product": "Red Hat Ceph Storage 9.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:20.1.0-144.el10cp",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "dotnet8.0",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.112-1.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "dotnet8.0",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.112-1.el9_5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.14-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.14.18-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.14-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.14.18-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.14-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.14.18-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.14-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.14-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.14-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.10-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.10-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.10-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.17-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.7-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.17-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.7-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.17-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.7-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.18-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.2-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.18-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.2-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.18-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.2-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhceph/rhceph-8-rhel9",
              "product": "Red Hat Ceph Storage 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:9.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhceph/rhceph-9-rhel9",
              "product": "Red Hat Ceph Storage 9.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1776359884",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.14.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.14.6-1744143767",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.15.3-1746939886",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.15.3-1746936251",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.16::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.4-1747983385",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.16::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.4-1747979846",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.17::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.17.2-1749452800",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.17::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.17.2-1750066936",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel9",
              "product": "Red Hat OpenShift Pipelines 1.18.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.18.1-1747749913",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel9",
              "product": "Red Hat OpenShift Pipelines 1.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.19.0-1752127853",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cryostat:3"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Cryostat 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:logging:5"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/kibana6-rhel8",
              "product": "Logging Subsystem for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_virtualization:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "migration-toolkit-virtualization/mtv-console-plugin-rhel9",
              "product": "Migration Toolkit for Virtualization",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_dotnet:6.0"
              ],
              "defaultStatus": "unknown",
              "packageName": "rh-dotnet60-dotnet",
              "product": ".NET 6.0 on Red Hat Enterprise Linux",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_lightspeed"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-lightspeed-beta/lightspeed-console-plugin-rhel9",
              "product": "OpenShift Lightspeed",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-api-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-db-migration-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_mesh:2"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-service-mesh/kiali-ossmc-rhel8",
              "product": "OpenShift Service Mesh 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_mesh:2"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-service-mesh/kiali-rhel8",
              "product": "OpenShift Service Mesh 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:red_hat_3scale_amp:2"
              ],
              "defaultStatus": "affected",
              "packageName": "3scale-amp-system-container",
              "product": "Red Hat 3scale API Management Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:acm:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhacm2/console-rhel8",
              "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "aap-cloud-ui-container",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/lightspeed-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:optaplanner:::el6"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat build of OptaPlanner 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "grafana",
              "product": "Red Hat Ceph Storage 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libarrow",
              "product": "Red Hat Ceph Storage 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pybind",
              "product": "Red Hat Ceph Storage 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "grafana",
              "product": "Red Hat Ceph Storage 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libarrow",
              "product": "Red Hat Ceph Storage 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libarrow",
              "product": "Red Hat Ceph Storage 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:9"
              ],
              "defaultStatus": "affected",
              "packageName": "pybind",
              "product": "Red Hat Ceph Storage 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhdh-hub-container",
              "product": "Red Hat Developer Hub",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:1"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery-server-container",
              "product": "Red Hat Discovery 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "dotnet8.0",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "dotnet6.0",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pcs",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "dotnet6.0",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "dotnet7.0",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pcs",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "odh-dashboard-container",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-dashboard-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-data-science-pipelines-argo-argoexec-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-data-science-pipelines-argo-workflowcontroller-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-kf-notebook-controller-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-api-server-v2-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-driver-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-launcher-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-persistenceagent-v2-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-scheduledworkflow-v2-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-model-registry-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "odh-notebook-controller-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "odh-operator-container",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:3.11"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift3/ose-console",
              "product": "Red Hat OpenShift Container Platform 3.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-monitoring-plugin-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/code-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/dashboard-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/traefik-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-agent-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-all-in-one-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-collector-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-es-rollover-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-ingester-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quay:3"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "nodejs-compression-webpack-plugin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "nodejs-webpack",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:trusted_profile_analyzer:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhtpa/rhtpa-trustification-service-rhel9",
              "product": "Red Hat Trusted Profile Analyzer",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:01:42.824Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:0304",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:0304"
            },
            {
              "name": "RHSA-2025:0381",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0381"
            },
            {
              "name": "RHSA-2025:10853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10853"
            },
            {
              "name": "RHSA-2025:1334",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1334"
            },
            {
              "name": "RHSA-2025:1468",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1468"
            },
            {
              "name": "RHSA-2025:21068",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21068"
            },
            {
              "name": "RHSA-2025:21203",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21203"
            },
            {
              "name": "RHSA-2025:3870",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3870"
            },
            {
              "name": "RHSA-2025:4511",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4511"
            },
            {
              "name": "RHSA-2025:8059",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8059"
            },
            {
              "name": "RHSA-2025:8078",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8078"
            },
            {
              "name": "RHSA-2025:8233",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8233"
            },
            {
              "name": "RHSA-2025:8479",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8479"
            },
            {
              "name": "RHSA-2025:8512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8512"
            },
            {
              "name": "RHSA-2025:8544",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8544"
            },
            {
              "name": "RHSA-2025:8551",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8551"
            },
            {
              "name": "RHSA-2025:9294",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9294"
            },
            {
              "name": "RHSA-2026:1536",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:1536"
            },
            {
              "name": "RHSA-2026:2769",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2769"
            },
            {
              "name": "RHSA-2026:8568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:8568"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-11831"
            },
            {
              "name": "RHBZ#2312579",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312579"
            },
            {
              "url": "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e"
            },
            {
              "url": "https://github.com/yahoo/serialize-javascript/pull/173"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-16T16:43:32.021Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-11831",
        "datePublished": "2025-02-10T15:27:46.732Z",
        "dateReserved": "2024-11-26T18:56:38.187Z",
        "dateUpdated": "2026-07-01T14:01:42.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23367 (GCVE-0-2025-23367)

    Vulnerability from nvd – Published: 2025-01-30 14:30 – Updated: 2026-04-30 13:27
    VLAI
    Title
    Org.wildfly.core:wildfly-server: wildfly improper rbac permission
    Summary
    A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 27.0.1.Final (semver)
    Affected: 28.0.0.Beta1 , < 28.0.0.Beta2 (semver)
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:4.1.119-1.Final_redhat_00004.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:7.4.21-3.GA_29548_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:4.1.119-1.Final_redhat_00004.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:7.4.21-3.GA_29548_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:4.1.119-1.Final_redhat_00004.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:7.4.21-3.GA_29548_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.7-3.GA_redhat_00004.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.7-3.GA_redhat_00004.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-01-30 00:00
    Credits
    Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T14:54:55.951787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T19:51:12.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/wildfly/wildfly-core",
              "defaultStatus": "unaffected",
              "packageName": "wildfly-core",
              "versions": [
                {
                  "lessThan": "27.0.1.Final",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "28.0.0.Beta2",
                  "status": "affected",
                  "version": "28.0.0.Beta1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty-transport-native-epoll",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.21-3.GA_29548_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty-transport-native-epoll",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.21-3.GA_29548_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty-transport-native-epoll",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.21-3.GA_29548_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.7-3.GA_redhat_00004.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.7-3.GA_redhat_00004.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue."
            }
          ],
          "datePublic": "2025-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. \nThe vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T13:27:32.607Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:3465",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3465"
            },
            {
              "name": "RHSA-2025:3467",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3467"
            },
            {
              "name": "RHSA-2025:3989",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3989"
            },
            {
              "name": "RHSA-2025:3990",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3990"
            },
            {
              "name": "RHSA-2025:3992",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3992"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-23367"
            },
            {
              "name": "RHBZ#2337620",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337620"
            },
            {
              "url": "https://github.com/advisories/GHSA-qr6x-62gq-4ccp"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-14T14:56:46.389Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-30T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.wildfly.core:wildfly-server: wildfly improper rbac permission",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-284: Improper Access Control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-23367",
        "datePublished": "2025-01-30T14:30:04.227Z",
        "dateReserved": "2025-01-14T15:23:42.645Z",
        "dateUpdated": "2026-04-30T13:27:32.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12799 (GCVE-0-2025-12799)

    Vulnerability from cvelistv5 – Published: 2026-07-07 16:18 – Updated: 2026-07-09 14:42
    VLAI
    Title
    Jastow: jastow cross-site scripting attack due to unsanitized uri
    Summary
    A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:36342 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36343 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36344 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36345 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-12799 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2413071 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1-9.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.40.0-7.redhat_00015.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 1:2.0.0-2.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.8.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.5-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.13.2-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.11.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.9.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.17.2-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.2-28.redhat_2.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.16.1-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.18.0-2.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.10-3.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.8.12-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.14.0-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.4-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.1.0-2.redhat_00010.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-5.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.30.32-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.6.6-5.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.84.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.14.18-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.8-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.0-2.Final_redhat_1.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.5-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:801.7.0-1.GA_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 1:3.33.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.10.1.202505221210-1.r_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.15.4-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.1-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.0-6.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.0-4.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.0-4.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.13-4.redhat_5.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.10.1-2.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:33.0.0-3.jre_redhat_00004.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.224-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.7.19-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.6.50-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.0.3-3.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.2.6-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.0.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.11-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.10.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.5-4.redhat_00006.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.5.14-5.redhat_00016.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.4.16-6.redhat_00011.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:15.0.21-1.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.3-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.18-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.18.4-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.18.4-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.8.0-3.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.4-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.1-5.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-3.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-3.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.1-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.1-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.2-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-4.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.6-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.3-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.3-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.0.0-6.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-3.redhat_00004.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.2-3.redhat_00006.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.4-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.7-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.1-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.9.3-4.redhat_00004.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.6.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-4.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.3-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.3-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.0.0-8.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.6-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.3.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.7.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.8-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.6.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.19-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.3-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:16.1.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.6-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.5.5-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:10.1.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.31-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.0-3.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.5.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.3.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.0-4.SP3_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.1.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.3.8-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.8.16-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.0-3.redhat_00009.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 1:5.3.23-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.1-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.2-1.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.12.7-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.9.6-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.11-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.1-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.9.0-3.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.1-1.Final_redhat_3.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.23.1-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:9.11.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.1.2-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.1-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.132-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:0.1.10-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:9.37.3-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:9.7.1-3.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.3.2-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.7-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.4.0-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.6.1-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.0.3-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.14-2.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.4-4.redhat_00005.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.12-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.21-5.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.0-2.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:6.2.15-1.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.2.0-3.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.4-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.0.0-6.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.0.17-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.2.2-2.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.0-3.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.5.0-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:4.1.2-2.redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.24-4.SP3_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.2.9-1.SP1_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.1.6-3.redhat_1.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-7.redhat_00010.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.1.6-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.1.7-4.GA_redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.0.1-4.Final_redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.7.0-2.Final_redhat_00003.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.3.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.6.9-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.1.4-2.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.1.4-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:8.1.1-11.GA_redhat_00019.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-1.Final.redhat.00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.5-1.Final_redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:7.0.0-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:2.3.0-2.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.6.3-5.redhat_00008.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.4-1.redhat_00002.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:1.2.0-2.redhat_12.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.5-1.redhat_00001.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10 Unaffected: 0:3.0.4-5.redhat_00007.1.el10eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.10-3.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.0.4-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.7.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:6.6.50-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:7.3.8-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 1:5.3.23-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.24-4.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.2.9-1.SP1_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.7-4.GA_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.6.9-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.1-11.GA_redhat_00019.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.10-3.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.0.4-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.7.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:6.6.50-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:7.3.8-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 1:5.3.23-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.24-4.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.2.9-1.SP1_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.7-4.GA_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.6.9-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.1-11.GA_redhat_00019.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2026-07-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12799",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:34:16.067117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:42:47.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.undertow.jastow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1-9.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis-native",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.0.0-2.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-aesh-extensions",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-aesh-readline",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-agroal",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-angus",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.5-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-angus-activation",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-antlr4",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.13.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-beanutils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.11.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-cli",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-codec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.17.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-collections",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.2-28.redhat_2.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-io",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.16.1-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-commons-lang",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.18.0-2.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-3.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf-xjc-utils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-mime4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.8.12-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-sshd",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.14.0-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-native",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:2.0.0-2.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-wildfly-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.4-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-asyncutil",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.0-2.redhat_00010.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-atinject",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-5.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-aws-java-sdk",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.30.32-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-azure-storage",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.6.6-5.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.84.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-byte-buddy",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.14.18-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-caffeine",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.8-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-commons-logging-jboss-logging",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-2.Final_redhat_1.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-cryptacular",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.5-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.7.0-1.GA_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-ecj",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:3.33.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eclipse-jgit",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.10.1.202505221210-1.r_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-elasticsearch",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.15.4-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-elytron-web",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-expressly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.0-6.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-fastinfoset",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-fge-btf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-4.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-fge-msg-simple",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-4.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-gnu-getopt",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.13-4.redhat_5.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-gson",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.10.1-2.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-failureaccess",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-3.jre_redhat_00004.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-h2database",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.224-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hal-console",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.7.19-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.50-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate-commons-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.0.3-3.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate-search",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.2.6-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hornetq",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.11-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hppc",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.10.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-httpcomponents-asyncclient",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.5-4.redhat_00006.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-httpcomponents-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.5.14-5.redhat_00016.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-httpcomponents-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.4.16-6.redhat_00011.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-infinispan",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:15.0.21-1.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-insights-java-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.3-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-installation-manager-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-ironjacamar",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.18-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-coreutils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.8.0-3.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-databind",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-dataformats-text",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-jaxrs-providers",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-modules-base",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jackson-modules-java8",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.18.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-activation",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.4-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-annotation-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-5.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-authentication-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-3.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-authorization-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-3.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-batch-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-ejb-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-enterprise-concurrent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-enterprise-concurrent-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-enterprise-lang-model",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-interceptor-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-jms-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-4.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-json",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.6-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-json-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.3-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-mail",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.3-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-resource-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-security-enterprise-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-servlet-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.0.0-6.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-servlet-jsp-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.2-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-transaction-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-3.redhat_00004.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-validation-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.2-3.redhat_00006.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-websocket",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-ws-rs-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jakarta-xml-bind-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.4-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jandex",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.7-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jansi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jasypt",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.3-4.redhat_00004.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-java-classmate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javaee-jpa-spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-4.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javaee-security-soteria",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.3-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javaewah",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.3-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-javapackages-tools",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.0.0-8.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxbintros",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jberet",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-aesh",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-cert-helper",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.3-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-classfilewriter",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-common-beans",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-dmr",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-ejb3-ext-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-ejb-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.8-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-genericjms",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-3.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-iiop-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-invocation",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-jakarta-xml-ws-api_4.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-logging",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.19-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-marshalling",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.3-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-metadata",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:16.1.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-modules",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.6-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-msc",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.5-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-openjdk-orb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:10.1.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-remoting",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.31-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-remoting-jmx",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.0-3.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-saaj-api_3.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-stdio",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-transaction-spi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-vfs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.3.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-weld-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.0-4.SP3_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-common",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-common-tools",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.8-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-jaxws-undertow-httpspi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-spi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-xnio-base",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.8.16-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jctools",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:5.3.23-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups-aws",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups-azure",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups-kubernetes",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-joda-time",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.12.7-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jose4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.9.6-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jsf-impl",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.11-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jsonb-spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.1-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-json-patch",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.9.0-3.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jul-to-slf4j-stub",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-1.Final_redhat_3.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-log4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.23.1-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-log4j2-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-lucene-solr",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.11.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-mod_cluster",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-narayana",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.1.2-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-neethi",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.1-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.132-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-netty-transport-native-epoll",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.132-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-netty-xnio-transport",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:0.1.10-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-nimbus-jose-jwt",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.37.3-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-objectweb-asm",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:9.7.1-3.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-opensaml",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.3.2-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-parsson",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.7-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-pem-keystore",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.0-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-plexus-utils",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.6.1-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-protoparser",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.3-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-protostream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.14-2.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-reactive-streams",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.4-4.redhat_00005.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-reactivex-rxjava",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.12-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-reactivex-rxjava2",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.21-5.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resilience4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.0-2.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resteasy",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.2.15-1.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resteasy-extensions",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-3.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-resteasy-spring",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.0-3.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-saaj-impl",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.4-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-shibboleth-java-support",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.0-6.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.17-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-snakeyaml",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-stax2-api",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.2.2-2.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-stax-ex",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.0-3.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-staxmapper",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.5.0-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-sun-istack-commons",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.2-2.redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-4.SP3_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.9-1.SP1_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-vdx",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1.6-3.redhat_1.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-velocity",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-7.redhat_00010.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-weld-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.6-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.7-4.GA_redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-client-config",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-4.Final_redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-common",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.7.0-2.Final_redhat_00003.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-discovery",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.9-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron-ee",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.4-2.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-http-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.1.4-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-11.GA_redhat_00019.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-naming-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.1-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-openssl",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-openssl-el10-x86_64",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-1.Final.redhat.00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-transaction-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.5-1.Final_redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-woodstox-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.0.0-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-ws-commons-XmlSchema",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.0-2.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wsdl4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.6.3-5.redhat_00008.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wss4j",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.4-1.redhat_00002.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-xml-commons-resolver",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.2.0-2.redhat_12.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-xml-security",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.5-1.redhat_00001.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el10"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-yasson",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.0.4-5.redhat_00007.1.el10eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-3.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-wildfly-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.4-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.7.0-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.50-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.8-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:5.3.23-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-4.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.9-1.SP1_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.7-4.GA_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.9-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-11.GA_redhat_00019.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-3.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-artemis-wildfly-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.4-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.7.0-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.50-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jbossws-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.8-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jgroups",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1:5.3.23-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-4.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.9-1.SP1_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.7-4.GA_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.9-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-11.GA_redhat_00019.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap74-els-openjdk11-openshift-rhel8/eap74-els-openjdk11-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap74-els-openjdk17-openshift-rhel8/eap74-els-openjdk17-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap74-els-openjdk8-openshift-rhel8/eap74-els-openjdk8-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "io.undertow.jastow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jboss-eap-7/eap74-els-openjdk17-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jboss-eap-7/eap74-els-openjdk8-openshift-rhel8",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.undertow.jastow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "jastow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T00:00:08.461Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:36342",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36342"
            },
            {
              "name": "RHSA-2026:36343",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36343"
            },
            {
              "name": "RHSA-2026:36344",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36344"
            },
            {
              "name": "RHSA-2026:36345",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:36345"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-12799"
            },
            {
              "name": "RHBZ#2413071",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413071"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-06T11:09:24.742Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Jastow: jastow cross-site scripting attack due to unsanitized uri",
          "workarounds": [
            {
              "lang": "en",
              "value": "It is possible to contruct successful attack vector if and only if customer or client is using embedded Undertow and Jastow together in their application and the following conditions are met:\n * Undertow was configured with UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL set to \u0027true\u0027 value\n * DeploymentInfo configured with setEscapeErrorMessage(true) method was passed to Undertow\u0027s Servlet Container instance"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-12799",
        "datePublished": "2026-07-07T16:18:57.555Z",
        "dateReserved": "2025-11-06T11:15:12.378Z",
        "dateUpdated": "2026-07-09T14:42:47.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28369 (GCVE-0-2026-28369)

    Vulnerability from cvelistv5 – Published: 2026-03-27 16:13 – Updated: 2026-06-10 21:05
    VLAI
    Title
    Undertow: undertow: request smuggling via malformed http request headers
    Summary
    A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:25125 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25126 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-28369 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2443262 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.40.0-7.redhat_00015.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.40.0-7.redhat_00015.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-28T03:55:51.631071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-29T13:56:11.063Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T21:05:10.640Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:25125",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25125"
            },
            {
              "name": "RHSA-2026:25126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25126"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-28369"
            },
            {
              "name": "RHBZ#2443262",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443262"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-27T04:39:59.064Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: undertow: request smuggling via malformed http request headers",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-28369",
        "datePublished": "2026-03-27T16:13:05.719Z",
        "dateReserved": "2026-02-27T04:42:16.439Z",
        "dateUpdated": "2026-06-10T21:05:10.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28367 (GCVE-0-2026-28367)

    Vulnerability from cvelistv5 – Published: 2026-03-27 16:13 – Updated: 2026-06-29 09:26
    VLAI
    Title
    Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator
    Summary
    A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:25125 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25126 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-28367 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2443260 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.40.0-7.redhat_00015.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.40.0-7.redhat_00015.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T13:27:40.351547Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T13:27:54.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\\r\\r\\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T09:26:59.597Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:25125",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25125"
            },
            {
              "name": "RHSA-2026:25126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25126"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-28367"
            },
            {
              "name": "RHBZ#2443260",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443260"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-27T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: undertow: request smuggling via `\\r\\r\\r` as a header block terminator",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this vulnerability, configure any proxy servers positioned in front of Undertow to strictly validate HTTP header terminations. Ensure that these proxies are configured to reject or normalize non-standard header block terminators, such as `\\r\\r\\r`, before forwarding requests to Undertow. This operational control helps prevent request smuggling attacks by ensuring that only properly formed HTTP requests reach the Undertow server."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-28367",
        "datePublished": "2026-03-27T16:13:05.108Z",
        "dateReserved": "2026-02-27T04:42:16.439Z",
        "dateUpdated": "2026-06-29T09:26:59.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28368 (GCVE-0-2026-28368)

    Vulnerability from cvelistv5 – Published: 2026-03-27 16:13 – Updated: 2026-06-29 09:26
    VLAI
    Title
    Undertow: undertow: request smuggling via inconsistent header parsing
    Summary
    A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:25125 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25126 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-28368 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2443261 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.40.0-7.redhat_00015.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.40.0-7.redhat_00015.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.6.1-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.24-3.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.6-7.GA_redhat_00010.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T18:49:45.702271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T19:57:36.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-activemq-artemis",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.40.0-7.redhat_00015.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.6.1-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.24-3.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-7.GA_redhat_00010.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T09:26:59.511Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:25125",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25125"
            },
            {
              "name": "RHSA-2026:25126",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:25126"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-28368"
            },
            {
              "name": "RHBZ#2443261",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443261"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-27T04:39:57.578Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-08-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: undertow: request smuggling via inconsistent header parsing",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-28368",
        "datePublished": "2026-03-27T16:13:03.775Z",
        "dateReserved": "2026-02-27T04:42:16.439Z",
        "dateUpdated": "2026-06-29T09:26:59.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3260 (GCVE-0-2026-3260)

    Vulnerability from cvelistv5 – Published: 2026-03-24 04:11 – Updated: 2026-07-07 19:50
    VLAI

    The Undertow web server enforces a default maximum HTTP request entity size limit. Any request (including GET or HEAD) containing a body that exceeds this configurable limit is safely dropped by the server, preventing single-request Resource Exhaustion (Out of Memory) Denial of Service attacks.

    Show details on NVD website

    {
      "containers": {
        "cna": {
          "providerMetadata": {
            "dateUpdated": "2026-07-07T19:50:22.087Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "rejectedReasons": [
            {
              "lang": "en",
              "value": "The Undertow web server enforces a default maximum HTTP request entity size limit. Any request (including GET or HEAD) containing a body that exceeds this configurable limit is safely dropped by the server, preventing single-request Resource Exhaustion (Out of Memory) Denial of Service attacks."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-3260",
        "datePublished": "2026-03-24T04:11:16.085Z",
        "dateRejected": "2026-07-07T19:50:22.087Z",
        "dateReserved": "2026-02-26T14:22:15.920Z",
        "dateUpdated": "2026-07-07T19:50:22.087Z",
        "state": "REJECTED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4027 (GCVE-0-2024-4027)

    Vulnerability from cvelistv5 – Published: 2026-01-30 14:25 – Updated: 2026-06-30 12:06
    VLAI
    Title
    Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks
    Summary
    A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel 4 for Quarkus 3     cpe:/a:redhat:camel_quarkus:3
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 3     cpe:/a:redhat:camel_spring_boot:3
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat build of OptaPlanner 8     cpe:/a:redhat:optaplanner:::el6
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse Service Works 6     cpe:/a:redhat:jboss_fuse_service_works:6
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat streams for Apache Kafka     cpe:/a:redhat:amq_streams:1
    Create a notification for this product.
    Date Public
    2026-01-30 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4027",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-30T14:41:20.519260Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-30T14:41:46.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:service_registry:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apicurio Registry 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quarkus:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Quarkus",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Fuse 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:integration:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Integration Camel K 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Data Grid 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse_service_works:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Fuse Service Works 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Process Automation 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Data Grid 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "unknown",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_hawtio:4"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of Apache Camel - HawtIO 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:camel_quarkus:3"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of Apache Camel 4 for Quarkus 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:camel_spring_boot:3"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of Apache Camel for Spring Boot 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:camel_spring_boot:4"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of Apache Camel for Spring Boot 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:build_keycloak:"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat Build of Keycloak",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:optaplanner:::el6"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat build of OptaPlanner 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_streams:1"
                ],
                "defaultStatus": "unknown",
                "product": "streams for Apache Kafka",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-30T14:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:30.892Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-4027"
              },
              {
                "name": "RHBZ#2276410",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276410"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4027.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2024-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-30T14:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "undertow: OutOfMemoryError in HttpServletRequestImpl.getParameterNames() can cause remote DoS attacks",
            "workarounds": [
              {
                "lang": "en",
                "value": "Currently no mitigation is available for this vulnerability. Please make sure to perform the update as they become available."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 4 for Quarkus 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:optaplanner:::el6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of OptaPlanner 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse_service_works:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Fuse Service Works 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_streams:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "streams for Apache Kafka",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-01-30T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T23:30:30.668Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4027"
            },
            {
              "name": "RHBZ#2276410",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276410"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-22T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-30T14:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently no mitigation is available for this vulnerability. Please make sure to perform the update as they become available."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-4027",
        "datePublished": "2026-01-30T14:25:54.405Z",
        "dateReserved": "2024-04-22T13:10:21.747Z",
        "dateUpdated": "2026-06-30T12:06:30.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0603 (GCVE-0-2026-0603)

    Vulnerability from cvelistv5 – Published: 2026-01-23 06:31 – Updated: 2026-06-30 12:07
    VLAI
    Title
    Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection
    Summary
    A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:4915 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4916 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4917 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6011 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6012 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-0603 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2427147 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Affected: 5.2.8 , ≤ 5.6.15 (semver)
    Red Hat Red Hat JBoss Enterprise Application Platform Unaffected: 5.3.38.Final-redhat-00001 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:5.1.17-4.Final_redhat_00005.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:7.1.14-4.GA_redhat_00003.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:5.3.38-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:7.3.17-5.GA_redhat_00006.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:5.3.38-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:5.3.38-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:5.3.38-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
    Create a notification for this product.
    Red Hat Red Hat build of OptaPlanner 8     cpe:/a:redhat:optaplanner:::el6
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 8     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 9     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform     cpe:/a:redhat:jboss_enterprise_application_platform::el7
    Create a notification for this product.
    Date Public
    2026-01-19 10:10
    Credits
    Red Hat would like to thank Christiaan Swiers (YouGina) and Tommy Williams (HeroDevs) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-24T04:55:25.177681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:24.608Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_broker:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AMQ Broker 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:optaplanner:::el6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of OptaPlanner 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Fuse 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Process Automation 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Data Grid 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-19T10:10:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application\u0027s database, resulting in an application level denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:13.526Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-0603"
              },
              {
                "name": "RHBZ#2427147",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0603.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6012"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6011"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4915"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4916"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4917"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4924"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:6012: Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6011: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4915: Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4916: Red Hat JBoss EAP 7.4 ELS for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4917: Red Hat JBoss EAP 7.4 ELS for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4924: Red Hat JBoss Enterprise Application Platform"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-05T13:12:29.816Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-19T10:10:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/hibernate/hibernate-orm",
              "defaultStatus": "unaffected",
              "packageName": "org.hibernate/hibernate-core",
              "versions": [
                {
                  "lessThanOrEqual": "5.6.15",
                  "status": "affected",
                  "version": "5.2.8",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "affected",
              "packageName": "org.hibernate/hibernate-core",
              "product": "Red Hat JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "5.3.38.Final-redhat-00001",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.1.17-4.Final_redhat_00005.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.1.14-4.GA_redhat_00003.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.3.38-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.17-5.GA_redhat_00006.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.3.38-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.3.38-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.3.38-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:optaplanner:::el6"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat build of OptaPlanner 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-trustyai-service-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhoai/odh-trustyai-service-rhel9",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "devspaces/openvsx-rhel9",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "devspaces/pluginregistry-rhel9",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "satellite:el8/candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Christiaan Swiers (YouGina) and Tommy Williams (HeroDevs) for reporting this issue."
            }
          ],
          "datePublic": "2026-01-19T10:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application\u0027s database, resulting in an application level denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T04:11:12.867Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:4915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4915"
            },
            {
              "name": "RHSA-2026:4916",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4916"
            },
            {
              "name": "RHSA-2026:4917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4917"
            },
            {
              "name": "RHSA-2026:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4924"
            },
            {
              "name": "RHSA-2026:6011",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:6011"
            },
            {
              "name": "RHSA-2026:6012",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:6012"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-0603"
            },
            {
              "name": "RHBZ#2427147",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-05T13:12:29.816Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-19T10:10:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-0603",
        "datePublished": "2026-01-23T06:31:38.975Z",
        "dateReserved": "2026-01-05T13:18:55.616Z",
        "dateUpdated": "2026-06-30T12:07:13.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12543 (GCVE-0-2025-12543)

    Vulnerability from cvelistv5 – Published: 2026-01-07 16:04 – Updated: 2026-06-30 03:15
    VLAI
    Title
    Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
    Summary
    A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:0383 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0384 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0386 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33371 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33372 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3889 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3890 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3891 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3892 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4915 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4916 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4917 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-12543 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2408784 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    Impacted products
    Vendor Product Version
    Red Hat Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11     cpe:/a:redhat:apache_camel_spring_boot:4.14
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Unaffected: 2.2.39.Final-redhat-00001 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.4.18-21.SP19_redhat_00001.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.0.41-8.SP9_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.83.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.6-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.0-3.redhat_00009.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.83.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.6-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.0-3.redhat_00009.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.10-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.82.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.0.1-3.redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.5.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.10-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.82.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.0.1-3.redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.5.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 8     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 8.0 for RHEL 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 8.1 for RHEL 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 7.4 ELS for RHEL 9     cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 8.0 for RHEL 9     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss EAP 8.1 for RHEL 9     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform     cpe:/a:redhat:jboss_enterprise_application_platform::el7
    Create a notification for this product.
    Date Public
    2026-01-08 00:00
    Credits
    Red Hat would like to thank Ahmet Artuç for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12543",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T03:55:30.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 8.0 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 8.1 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 7.4 ELS for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 8.0 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss EAP 8.1 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 8.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 8.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform::el7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_spring_boot:4.14"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_data_grid:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Data Grid 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_fuse:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Fuse 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_application_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jbosseapxp"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Process Automation 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_single_sign_on:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Single Sign-On 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:apache_camel_hawtio:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat build of Apache Camel - HawtIO 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-08T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T03:15:36.209Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-12543"
              },
              {
                "name": "RHBZ#2408784",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-12543.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33372"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33371"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4915"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4916"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3889"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0383"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4917"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3891"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0384"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3892"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:0386"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4924"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:3890"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:33372: Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4915: Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4916: Red Hat JBoss EAP 7.4 ELS for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3889: Red Hat JBoss EAP 8.0 for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0383: Red Hat JBoss EAP 8.1 for RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4917: Red Hat JBoss EAP 7.4 ELS for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3891: Red Hat JBoss EAP 8.0 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0384: Red Hat JBoss EAP 8.1 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3892: Red Hat JBoss Enterprise Application Platform 8.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:0386: Red Hat JBoss Enterprise Application Platform 8.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4924: Red Hat JBoss Enterprise Application Platform"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:3890: Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-10-31T06:15:35.424Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-08T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.14"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "affected",
              "packageName": "io.undertow/undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.39.Final-redhat-00001",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.18-21.SP19_redhat_00001.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-8.SP9_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Ahmet Artu\u00e7 for reporting this issue."
            }
          ],
          "datePublic": "2026-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T02:46:49.150Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0383"
            },
            {
              "name": "RHSA-2026:0384",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0384"
            },
            {
              "name": "RHSA-2026:0386",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0386"
            },
            {
              "name": "RHSA-2026:33371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33371"
            },
            {
              "name": "RHSA-2026:33372",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33372"
            },
            {
              "name": "RHSA-2026:3889",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3889"
            },
            {
              "name": "RHSA-2026:3890",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3890"
            },
            {
              "name": "RHSA-2026:3891",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3891"
            },
            {
              "name": "RHSA-2026:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3892"
            },
            {
              "name": "RHSA-2026:4915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4915"
            },
            {
              "name": "RHSA-2026:4916",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4916"
            },
            {
              "name": "RHSA-2026:4917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4917"
            },
            {
              "name": "RHSA-2026:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4924"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-12543"
            },
            {
              "name": "RHBZ#2408784",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-31T06:15:35.424Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-01-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-12543",
        "datePublished": "2026-01-07T16:04:22.155Z",
        "dateReserved": "2025-10-31T06:48:03.659Z",
        "dateUpdated": "2026-06-30T03:15:36.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3884 (GCVE-0-2024-3884)

    Vulnerability from cvelistv5 – Published: 2025-12-03 18:40 – Updated: 2026-07-07 15:54
    VLAI
    Title
    Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded
    Summary
    A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:0383 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0384 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:0386 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3889 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3891 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:3892 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4915 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4916 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4917 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:4924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6011 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6012 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-3884 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2275287 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat JBoss Enterprise Application Platform Unaffected: 2.2.39.Final-redhat-00001 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.4.18-19.SP17_redhat_00001.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:7.1.14-4.GA_redhat_00003.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.0.41-7.SP8_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:7.3.17-5.GA_redhat_00006.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.83.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.6-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.0-3.redhat_00009.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.83.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.6-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.0-3.redhat_00009.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.10-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.82.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.0.1-3.redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.5.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.10-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.82.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.0.1-3.redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.5.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel 4 for Quarkus 3     cpe:/a:redhat:camel_quarkus:3
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 3     cpe:/a:redhat:camel_spring_boot:3
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel for Spring Boot 4     cpe:/a:redhat:camel_spring_boot:4
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat build of OptaPlanner 8     cpe:/a:redhat:optaplanner:::el6
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat Integration Camel Quarkus 2     cpe:/a:redhat:camel_quarkus:2
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse Service Works 6     cpe:/a:redhat:jboss_fuse_service_works:6
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat streams for Apache Kafka     cpe:/a:redhat:amq_streams:1
    Create a notification for this product.
    Date Public
    2025-12-03 16:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3884",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-03T20:50:16.644717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-03T20:55:19.911Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "affected",
              "packageName": "io.undertow/undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.39.Final-redhat-00001",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.18-19.SP17_redhat_00001.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.1.14-4.GA_redhat_00003.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-7.SP8_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.17-5.GA_redhat_00006.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel 4 for Quarkus 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_spring_boot:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel for Spring Boot 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:optaplanner:::el6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat build of OptaPlanner 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:2"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel Quarkus 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse_service_works:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Fuse Service Works 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_streams:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "streams for Apache Kafka",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-12-03T16:50:50.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:54:13.328Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0383"
            },
            {
              "name": "RHSA-2026:0384",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0384"
            },
            {
              "name": "RHSA-2026:0386",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0386"
            },
            {
              "name": "RHSA-2026:3889",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3889"
            },
            {
              "name": "RHSA-2026:3891",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3891"
            },
            {
              "name": "RHSA-2026:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3892"
            },
            {
              "name": "RHSA-2026:4915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4915"
            },
            {
              "name": "RHSA-2026:4916",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4916"
            },
            {
              "name": "RHSA-2026:4917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4917"
            },
            {
              "name": "RHSA-2026:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4924"
            },
            {
              "name": "RHSA-2026:6011",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:6011"
            },
            {
              "name": "RHSA-2026:6012",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:6012"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-3884"
            },
            {
              "name": "RHBZ#2275287",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-16T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-12-03T16:50:50.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded",
          "workarounds": [
            {
              "lang": "en",
              "value": "It is possible to mitigate the vulnerability by performing an upper-level verification to ensure the content size sent server side is within the allowed parameters."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-3884",
        "datePublished": "2025-12-03T18:40:25.606Z",
        "dateReserved": "2024-04-16T13:30:53.755Z",
        "dateUpdated": "2026-07-07T15:54:13.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9784 (GCVE-0-2025-9784)

    Vulnerability from cvelistv5 – Published: 2025-09-02 13:37 – Updated: 2026-06-30 02:46
    VLAI
    Title
    Undertow: undertow madeyoureset http/2 ddos vulnerability
    Summary
    A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.2.38.Final (semver)
    Red Hat Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8     cpe:/a:redhat:apache_camel_spring_boot:4.14
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Unaffected: 2.2.39.Final-redhat-00001 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Unaffected: 0:1.4.18-21.SP19_redhat_00001.1.ep7.el7 , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:2.0.41-8.SP9_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:2.2.39-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Unaffected: 0:7.4.24-4.GA_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.83.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.6-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.0-3.redhat_00009.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.83.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:33.0.0-2.jre_redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.6-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.0-3.redhat_00009.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.23-1.SP3_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.10-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.82.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:1.0.1-3.redhat_00003.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.5.0-1.redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.10-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.82.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:801.3.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:1.0.1-3.redhat_00003.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:6.6.36-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:4.0.2-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.5.0-1.redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.3.20-2.SP4_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.3-4.GA_redhat_00006.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:5.0.12-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:2.6.6-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.1-4.GA_redhat_00007.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-09-01 06:21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T13:55:22.694531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-404",
                    "description": "CWE-404 Improper Resource Shutdown or Release",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-19T15:07:25.667Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:07:57.869Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/767506"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/undertow-io/undertow/",
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "versions": [
                {
                  "lessThan": "2.2.38.Final",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.14"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "affected",
              "packageName": "io.undertow/undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.2.39.Final-redhat-00001",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.4.18-21.SP19_redhat_00001.1.ep7.el7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.41-8.SP9_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.39-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.24-4.GA_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.83.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-guava-libraries",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:33.0.0-2.jre_redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jaxb",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.6-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jcip-annotations",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.0-3.redhat_00009.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-slf4j-jboss-logmanager",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.23-1.SP3_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-apache-cxf",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.10-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-bouncycastle",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.82.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eap-product-conf-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:801.3.0-1.GA_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-eventstream",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0.1-3.redhat_00003.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-hibernate",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.6.36-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-el-api_5.0_spec",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.0.2-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-jboss-threads",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.5.0-1.redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.3.20-2.SP4_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.3-4.GA_redhat_00006.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-clustering",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:5.0.12-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-elytron",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.6.6-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly-javadocs",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.1-4.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "moditect",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-core:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pki-deps:10.6/resteasy",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "resteasy",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.jberet-jberet-parent",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "org.jboss.eap-jboss-eap-xp",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow-core",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-09-01T06:21:54.614Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS)."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T02:46:43.628Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:23143",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:23143"
            },
            {
              "name": "RHSA-2026:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0383"
            },
            {
              "name": "RHSA-2026:0384",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0384"
            },
            {
              "name": "RHSA-2026:0386",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:0386"
            },
            {
              "name": "RHSA-2026:33371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33371"
            },
            {
              "name": "RHSA-2026:33372",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33372"
            },
            {
              "name": "RHSA-2026:3889",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3889"
            },
            {
              "name": "RHSA-2026:3891",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3891"
            },
            {
              "name": "RHSA-2026:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3892"
            },
            {
              "name": "RHSA-2026:4915",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4915"
            },
            {
              "name": "RHSA-2026:4916",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4916"
            },
            {
              "name": "RHSA-2026:4917",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4917"
            },
            {
              "name": "RHSA-2026:4924",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:4924"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-9784"
            },
            {
              "name": "RHBZ#2392306",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
            },
            {
              "url": "https://github.com/undertow-io/undertow/pull/1778"
            },
            {
              "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
            },
            {
              "url": "https://issues.redhat.com/browse/UNDERTOW-2598"
            },
            {
              "url": "https://kb.cert.org/vuls/id/767506"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-01T06:19:20.938Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-09-01T06:21:54.614Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: undertow madeyoureset http/2 ddos vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-9784",
        "datePublished": "2025-09-02T13:37:59.772Z",
        "dateReserved": "2025-09-01T06:33:05.239Z",
        "dateUpdated": "2026-06-30T02:46:43.628Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5731 (GCVE-0-2025-5731)

    Vulnerability from cvelistv5 – Published: 2025-06-26 21:28 – Updated: 2026-01-08 03:11
    VLAI
    Title
    Infinispan: credential leakage in infinispan cli
    Summary
    A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2025:10130 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2025-5731 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2370429 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2025-06-26 21:24
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T13:13:26.599882Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T13:13:36.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/infinispan/infinispan",
              "defaultStatus": "unaffected",
              "packageName": "infinispan",
              "product": "infinispan",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "15.2.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "infinispan-cli-client",
              "product": "Red Hat Data Grid 8.5.4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "infinispan-cli-client",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "infinispan-cli-client",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "infinispan-cli-client",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-06-26T21:24:21.857Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-08T03:11:10.828Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:10130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10130"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-5731"
            },
            {
              "name": "RHBZ#2370429",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370429"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-05T13:42:15.727Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-06-26T21:24:21.857Z",
              "value": "Made public."
            }
          ],
          "title": "Infinispan: credential leakage in infinispan cli",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently, no mitigation is available for this vulnerability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-5731",
        "datePublished": "2025-06-26T21:28:59.501Z",
        "dateReserved": "2025-06-05T13:48:09.202Z",
        "dateUpdated": "2026-01-08T03:11:10.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2240 (GCVE-0-2025-2240)

    Vulnerability from cvelistv5 – Published: 2025-03-12 14:55 – Updated: 2026-05-06 16:47
    VLAI
    Title
    Smallrye-fault-tolerance: smallrye fault tolerance
    Summary
    A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1325 - Improperly Controlled Sequential Memory Allocation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 6.3.0 , < 6.4.2 (semver)
    Affected: 6.5.0 , < 6.9.0 (semver)
    Red Hat Red Hat build of Apache Camel 4.8.5 for Spring Boot     cpe:/a:redhat:apache_camel_spring_boot:4.8.5
    Create a notification for this product.
    Red Hat Red Hat Build of Apache Camel 4.8 for Quarkus 3.15     cpe:/a:redhat:camel_quarkus:3.15
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus 3.15.4     cpe:/a:redhat:quarkus:3.15::el8
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 3     cpe:/a:redhat:apicurio_registry:3
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:3
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Date Public
    2025-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:08:58.646132Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T15:37:42.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/smallrye/smallrye-fault-tolerance",
              "defaultStatus": "unaffected",
              "packageName": "smallrye-fault-tolerance-core",
              "versions": [
                {
                  "lessThan": "6.4.2",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.9.0",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_spring_boot:4.8.5"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat build of Apache Camel 4.8.5 for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3.15"
              ],
              "defaultStatus": "unaffected",
              "packageName": "com.redhat.quarkus.platform/quarkus-camel-bom",
              "product": "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3.15"
              ],
              "defaultStatus": "unaffected",
              "packageName": "com.redhat.quarkus.platform/quarkus-cxf-bom",
              "product": "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:quarkus:3.15::el8"
              ],
              "defaultStatus": "unaffected",
              "product": "Red Hat build of Quarkus 3.15.4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apicurio_registry:3"
              ],
              "defaultStatus": "affected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat build of Apicurio Registry 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-apiimpl",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "io.smallrye/smallrye-fault-tolerance-core",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "smallrye-fault-tolerance-core",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "smallrye-fault-tolerance-core",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "smallrye-fault-tolerance-core",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1325",
                  "description": "Improperly Controlled Sequential Memory Allocation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-06T16:47:49.252Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:3376",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3376"
            },
            {
              "name": "RHSA-2025:3541",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3541"
            },
            {
              "name": "RHSA-2025:3543",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3543"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-2240"
            },
            {
              "name": "RHBZ#2351452",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351452"
            },
            {
              "url": "https://github.com/advisories/GHSA-gfh6-3pqw-x2j4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-12T02:23:44.660Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-03-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Smallrye-fault-tolerance: smallrye fault tolerance",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1325: Improperly Controlled Sequential Memory Allocation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-2240",
        "datePublished": "2025-03-12T14:55:15.889Z",
        "dateReserved": "2025-03-12T02:36:02.101Z",
        "dateUpdated": "2026-05-06T16:47:49.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23368 (GCVE-0-2025-23368)

    Vulnerability from cvelistv5 – Published: 2025-03-04 15:14 – Updated: 2026-06-30 02:47
    VLAI
    Title
    Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli
    Summary
    A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ * (semver)
    Red Hat Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Unaffected: 0:7.3.18-3.GA_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1     cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 Unaffected: 0:8.1.6-5.GA_redhat_00007.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 Unaffected: 0:8.1.6-5.GA_redhat_00007.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-03-03 00:00
    Credits
    Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-04T15:57:14.702481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-04T15:57:33.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/wildfly/wildfly-core",
              "defaultStatus": "unknown",
              "packageName": "wildfly-core",
              "versions": [
                {
                  "lessThanOrEqual": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.3.18-3.GA_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-5.GA_redhat_00007.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.1.6-5.GA_redhat_00007.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.security/wildfly-elytron",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "wildfly-elytron-integration",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue."
            }
          ],
          "datePublic": "2025-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T02:47:11.489Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:18054",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:18054"
            },
            {
              "name": "RHSA-2026:18055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:18055"
            },
            {
              "name": "RHSA-2026:18059",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:18059"
            },
            {
              "name": "RHSA-2026:33371",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:33371"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-23368"
            },
            {
              "name": "RHBZ#2337621",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337621"
            },
            {
              "url": "https://www.gruppotim.it/it/footer/red-team.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-14T14:56:46.792Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-03-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli",
          "workarounds": [
            {
              "lang": "en",
              "value": "The effectiveness of an attack will also be dependent on the complexity of the usernames and passwords defined for the target installation."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-307: Improper Restriction of Excessive Authentication Attempts"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-23368",
        "datePublished": "2025-03-04T15:14:47.806Z",
        "dateReserved": "2025-01-14T15:23:42.646Z",
        "dateUpdated": "2026-06-30T02:47:11.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-11831 (GCVE-0-2024-11831)

    Vulnerability from cvelistv5 – Published: 2025-02-10 15:27 – Updated: 2026-07-01 14:01
    VLAI
    Title
    Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
    Summary
    A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHBA-2025:0304 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:0381 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:10853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1334 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1468 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21068 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:21203 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:3870 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:4511 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8059 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8078 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8233 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8479 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8544 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:8551 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:9294 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:1536 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:2769 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:8568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-11831 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2312579 issue-trackingx_refsource_REDHAT
    https://github.com/yahoo/serialize-javascript/com…
    https://github.com/yahoo/serialize-javascript/pull/173
    Impacted products
    Vendor Product Version
    Affected: 6.0 , < 6.0.2 (semver)
    Red Hat Red Hat Advanced Cluster Security 4.4 Unaffected: 4.4.8-2 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.4::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4.5 Unaffected: 4.5.6-2 , < * (rpm)
        cpe:/a:redhat:advanced_cluster_security:4.5::el8
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 7.1 Unaffected: 2:18.2.1-381.el8cp , < * (rpm)
        cpe:/a:redhat:ceph_storage:7.1::el8
        cpe:/a:redhat:ceph_storage:7.1::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8.1 Unaffected: 2:19.2.1-292.el9cp , < * (rpm)
        cpe:/a:redhat:ceph_storage:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9.0 Unaffected: 2:20.1.0-144.el10cp , < * (rpm)
        cpe:/a:redhat:ceph_storage:9.0::el10
        cpe:/a:redhat:ceph_storage:9.0::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:8.0.112-1.el8_10 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
        cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:8.0.112-1.el9_5 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat RHODF-4.14-RHEL-9 Unaffected: v4.14.18-2 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.14::el9
    Create a notification for this product.
    Red Hat RHODF-4.14-RHEL-9 Unaffected: v4.14.18-3 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.14::el9
    Create a notification for this product.
    Red Hat RHODF-4.15-RHEL-9 Unaffected: v4.15.14-2 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.15::el9
    Create a notification for this product.
    Red Hat RHODF-4.16-RHEL-9 Unaffected: v4.16.10-4 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Create a notification for this product.
    Red Hat RHODF-4.16-RHEL-9 Unaffected: v4.16.10-3 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Create a notification for this product.
    Red Hat RHODF-4.17-RHEL-9 Unaffected: v4.17.7-2 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.17::el9
    Create a notification for this product.
    Red Hat RHODF-4.18-RHEL-9 Unaffected: v4.18.2-8 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.18::el9
    Create a notification for this product.
    Red Hat RHODF-4.18-RHEL-9 Unaffected: v4.18.2-7 , < * (rpm)
        cpe:/a:redhat:openshift_data_foundation:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8 Unaffected: 8 , < * (rpm)
        cpe:/a:redhat:ceph_storage:8::el9
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9.0 Unaffected: 1776359884 , < * (rpm)
        cpe:/a:redhat:ceph_storage:9.0::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.14.6 Unaffected: v1.14.6-1744143767 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.14::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.15 Unaffected: v1.15.3-1746939886 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.15 Unaffected: v1.15.3-1746936251 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.15::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.16 Unaffected: v1.16.4-1747983385 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.16::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.16 Unaffected: v1.16.4-1747979846 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.16::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.17 Unaffected: v1.17.2-1749452800 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.17::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.17 Unaffected: v1.17.2-1750066936 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.17::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.18.0 Unaffected: v1.18.1-1747749913 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Pipelines 1.19 Unaffected: v1.19.0-1752127853 , < * (rpm)
        cpe:/a:redhat:openshift_pipelines:1.19::el9
    Create a notification for this product.
    Red Hat Cryostat 3     cpe:/a:redhat:cryostat:3
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:5
    Create a notification for this product.
    Red Hat Migration Toolkit for Virtualization     cpe:/a:redhat:migration_toolkit_virtualization:2
    Create a notification for this product.
    Red Hat .NET 6.0 on Red Hat Enterprise Linux     cpe:/a:redhat:rhel_dotnet:6.0
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
    Create a notification for this product.
    Red Hat Red Hat build of Apicurio Registry 2     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat build of OptaPlanner 8     cpe:/a:redhat:optaplanner:::el6
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 7     cpe:/a:redhat:ceph_storage:7
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8     cpe:/a:redhat:ceph_storage:8
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9     cpe:/a:redhat:ceph_storage:9
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
    Create a notification for this product.
    Red Hat Red Hat Discovery 1     cpe:/a:redhat:discovery:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 3.11     cpe:/a:redhat:openshift:3.11
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift distributed tracing 3     cpe:/a:redhat:openshift_distributed_tracing:3
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat Trusted Profile Analyzer     cpe:/a:redhat:trusted_profile_analyzer:1
    Create a notification for this product.
    Date Public
    2024-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T17:08:31.160473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-10T17:08:44.112Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/yahoo/serialize-javascript",
              "packageName": "serialize-javascript",
              "versions": [
                {
                  "lessThan": "6.0.2",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.4",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.4.8-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "advanced-cluster-security/rhacs-main-rhel8",
              "product": "Red Hat Advanced Cluster Security 4.5",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.5.6-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7.1::el8",
                "cpe:/a:redhat:ceph_storage:7.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ceph",
              "product": "Red Hat Ceph Storage 7.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:18.2.1-381.el8cp",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ceph",
              "product": "Red Hat Ceph Storage 8.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:19.2.1-292.el9cp",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:9.0::el10",
                "cpe:/a:redhat:ceph_storage:9.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "ceph",
              "product": "Red Hat Ceph Storage 9.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2:20.1.0-144.el10cp",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream",
                "cpe:/a:redhat:enterprise_linux:8::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "dotnet8.0",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.112-1.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "dotnet8.0",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.112-1.el9_5",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.14-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.14.18-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.14-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.14.18-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.14-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.14.18-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.14-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.14-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.15-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.15.14-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.10-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.10-4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.16-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.16.10-3",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.17-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.7-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.17-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.7-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.17::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.17-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.17.7-2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/ocs-client-console-rhel9",
              "product": "RHODF-4.18-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.2-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-console-rhel9",
              "product": "RHODF-4.18-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.2-7",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "odf4/odf-multicluster-console-rhel9",
              "product": "RHODF-4.18-RHEL-9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v4.18.2-8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhceph/rhceph-8-rhel9",
              "product": "Red Hat Ceph Storage 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:9.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhceph/rhceph-9-rhel9",
              "product": "Red Hat Ceph Storage 9.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1776359884",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.14::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.14.6",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.14.6-1744143767",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.15.3-1746939886",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.15::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.15",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.15.3-1746936251",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.16::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.4-1747983385",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.16::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.16",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.16.4-1747979846",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.17::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.17.2-1749452800",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.17::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "Red Hat OpenShift Pipelines 1.17",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.17.2-1750066936",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.18::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel9",
              "product": "Red Hat OpenShift Pipelines 1.18.0",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.18.1-1747749913",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1.19::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-console-plugin-rhel9",
              "product": "Red Hat OpenShift Pipelines 1.19",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "v1.19.0-1752127853",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cryostat:3"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Cryostat 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:logging:5"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-logging/kibana6-rhel8",
              "product": "Logging Subsystem for Red Hat OpenShift",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:migration_toolkit_virtualization:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "migration-toolkit-virtualization/mtv-console-plugin-rhel9",
              "product": "Migration Toolkit for Virtualization",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_dotnet:6.0"
              ],
              "defaultStatus": "unknown",
              "packageName": "rh-dotnet60-dotnet",
              "product": ".NET 6.0 on Red Hat Enterprise Linux",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_lightspeed"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-lightspeed-beta/lightspeed-console-plugin-rhel9",
              "product": "OpenShift Lightspeed",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-api-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-db-migration-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_pipelines:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-pipelines/pipelines-hub-ui-rhel8",
              "product": "OpenShift Pipelines",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:serverless:1"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "OpenShift Serverless",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_mesh:2"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-service-mesh/kiali-ossmc-rhel8",
              "product": "OpenShift Service Mesh 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_mesh:2"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-service-mesh/kiali-rhel8",
              "product": "OpenShift Service Mesh 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:red_hat_3scale_amp:2"
              ],
              "defaultStatus": "affected",
              "packageName": "3scale-amp-system-container",
              "product": "Red Hat 3scale API Management Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:acm:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhacm2/console-rhel8",
              "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-rhel8-operator",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_cluster_security:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "advanced-cluster-security/rhacs-scanner-v4-rhel8",
              "product": "Red Hat Advanced Cluster Security 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "aap-cloud-ui-container",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "ansible-automation-platform-25/lightspeed-rhel8",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "automation-controller",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ansible_automation_platform:2"
              ],
              "defaultStatus": "affected",
              "packageName": "automation-eda-controller",
              "product": "Red Hat Ansible Automation Platform 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:apache_camel_hawtio:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat build of Apache Camel - HawtIO 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat build of Apicurio Registry 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:optaplanner:::el6"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat build of OptaPlanner 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "grafana",
              "product": "Red Hat Ceph Storage 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7"
              ],
              "defaultStatus": "affected",
              "packageName": "libarrow",
              "product": "Red Hat Ceph Storage 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pybind",
              "product": "Red Hat Ceph Storage 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "grafana",
              "product": "Red Hat Ceph Storage 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8"
              ],
              "defaultStatus": "affected",
              "packageName": "libarrow",
              "product": "Red Hat Ceph Storage 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:9"
              ],
              "defaultStatus": "affected",
              "packageName": "libarrow",
              "product": "Red Hat Ceph Storage 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:9"
              ],
              "defaultStatus": "affected",
              "packageName": "pybind",
              "product": "Red Hat Ceph Storage 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhdh-hub-container",
              "product": "Red Hat Developer Hub",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:1"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery-server-container",
              "product": "Red Hat Discovery 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "dotnet8.0",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "dotnet6.0",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "grafana",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pcs",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "dotnet6.0",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unknown",
              "packageName": "dotnet7.0",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "pcs",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Integration Camel K 1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "serialize-javascript",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "odh-dashboard-container",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-dashboard-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-data-science-pipelines-argo-argoexec-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-data-science-pipelines-argo-workflowcontroller-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-kf-notebook-controller-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-api-server-v2-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-driver-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-launcher-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-persistenceagent-v2-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-ml-pipelines-scheduledworkflow-v2-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "affected",
              "packageName": "odh-model-registry-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "odh-notebook-controller-rhel8",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openshift_ai"
              ],
              "defaultStatus": "unaffected",
              "packageName": "odh-operator-container",
              "product": "Red Hat OpenShift AI (RHOAI)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:3.11"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift3/ose-console",
              "product": "Red Hat OpenShift Container Platform 3.11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift4/ose-monitoring-plugin-rhel9",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/code-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/dashboard-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_devspaces:3"
              ],
              "defaultStatus": "affected",
              "packageName": "devspaces/traefik-rhel8",
              "product": "Red Hat OpenShift Dev Spaces",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-agent-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-all-in-one-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-collector-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-es-index-cleaner-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-es-rollover-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhosdt/jaeger-ingester-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_distributed_tracing:3"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosdt/jaeger-query-rhel8",
              "product": "Red Hat OpenShift distributed tracing 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quay:3"
              ],
              "defaultStatus": "affected",
              "packageName": "quay/quay-rhel8",
              "product": "Red Hat Quay 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "nodejs-compression-webpack-plugin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "nodejs-webpack",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "serialize-javascript",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:trusted_profile_analyzer:1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhtpa/rhtpa-trustification-service-rhel9",
              "product": "Red Hat Trusted Profile Analyzer",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:01:42.824Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:0304",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:0304"
            },
            {
              "name": "RHSA-2025:0381",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:0381"
            },
            {
              "name": "RHSA-2025:10853",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:10853"
            },
            {
              "name": "RHSA-2025:1334",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1334"
            },
            {
              "name": "RHSA-2025:1468",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1468"
            },
            {
              "name": "RHSA-2025:21068",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21068"
            },
            {
              "name": "RHSA-2025:21203",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:21203"
            },
            {
              "name": "RHSA-2025:3870",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3870"
            },
            {
              "name": "RHSA-2025:4511",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:4511"
            },
            {
              "name": "RHSA-2025:8059",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8059"
            },
            {
              "name": "RHSA-2025:8078",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8078"
            },
            {
              "name": "RHSA-2025:8233",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8233"
            },
            {
              "name": "RHSA-2025:8479",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8479"
            },
            {
              "name": "RHSA-2025:8512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8512"
            },
            {
              "name": "RHSA-2025:8544",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8544"
            },
            {
              "name": "RHSA-2025:8551",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8551"
            },
            {
              "name": "RHSA-2025:9294",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:9294"
            },
            {
              "name": "RHSA-2026:1536",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:1536"
            },
            {
              "name": "RHSA-2026:2769",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:2769"
            },
            {
              "name": "RHSA-2026:8568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:8568"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-11831"
            },
            {
              "name": "RHBZ#2312579",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312579"
            },
            {
              "url": "https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e"
            },
            {
              "url": "https://github.com/yahoo/serialize-javascript/pull/173"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-16T16:43:32.021Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-09-16T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-11831",
        "datePublished": "2025-02-10T15:27:46.732Z",
        "dateReserved": "2024-11-26T18:56:38.187Z",
        "dateUpdated": "2026-07-01T14:01:42.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23367 (GCVE-0-2025-23367)

    Vulnerability from cvelistv5 – Published: 2025-01-30 14:30 – Updated: 2026-04-30 13:27
    VLAI
    Title
    Org.wildfly.core:wildfly-server: wildfly improper rbac permission
    Summary
    A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 27.0.1.Final (semver)
    Affected: 28.0.0.Beta1 , < 28.0.0.Beta2 (semver)
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:4.1.119-1.Final_redhat_00004.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:7.4.21-3.GA_29548_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:4.1.119-1.Final_redhat_00004.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:7.4.21-3.GA_29548_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:4.1.119-1.Final_redhat_00004.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:7.4.21-3.GA_29548_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.7-3.GA_redhat_00004.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.7-3.GA_redhat_00004.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Date Public
    2025-01-30 00:00
    Credits
    Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T14:54:55.951787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T19:51:12.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/wildfly/wildfly-core",
              "defaultStatus": "unaffected",
              "packageName": "wildfly-core",
              "versions": [
                {
                  "lessThan": "27.0.1.Final",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "28.0.0.Beta2",
                  "status": "affected",
                  "version": "28.0.0.Beta1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty-transport-native-epoll",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.21-3.GA_29548_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty-transport-native-epoll",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.21-3.GA_29548_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-netty-transport-native-epoll",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:4.1.119-1.Final_redhat_00004.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.21-3.GA_29548_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat JBoss Enterprise Application Platform 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.7-3.GA_redhat_00004.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap8-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:8.0.7-3.GA_redhat_00004.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:build_keycloak:"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Build of Keycloak",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "affected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "org.wildfly.core/wildfly-server",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue."
            }
          ],
          "datePublic": "2025-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. \nThe vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-30T13:27:32.607Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2025:3465",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3465"
            },
            {
              "name": "RHSA-2025:3467",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3467"
            },
            {
              "name": "RHSA-2025:3989",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3989"
            },
            {
              "name": "RHSA-2025:3990",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3990"
            },
            {
              "name": "RHSA-2025:3992",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:3992"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-23367"
            },
            {
              "name": "RHBZ#2337620",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337620"
            },
            {
              "url": "https://github.com/advisories/GHSA-qr6x-62gq-4ccp"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-14T14:56:46.389Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-30T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Org.wildfly.core:wildfly-server: wildfly improper rbac permission",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-284: Improper Access Control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-23367",
        "datePublished": "2025-01-30T14:30:04.227Z",
        "dateReserved": "2025-01-14T15:23:42.645Z",
        "dateUpdated": "2026-04-30T13:27:32.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }