Search criteria Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.

40 vulnerabilities found for build_of_keycloak by redhat

CVE-2026-3190 (GCVE-0-2026-3190)

Vulnerability from nvd – Published: 2026-03-26 19:12 – Updated: 2026-03-27 13:57
VLAI?
Title
Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api
Summary
A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2026-02-25 07:07
Credits
Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T13:46:23.886094Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T13:57:54.111Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue."
        }
      ],
      "datePublic": "2026-02-25T07:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T19:12:38.438Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3190"
        },
        {
          "name": "RHBZ#2442572",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442572"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-25T08:27:54.804Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-25T07:07:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-280: Improper Handling of Insufficient Permissions or Privileges"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3190",
    "datePublished": "2026-03-26T19:12:38.438Z",
    "dateReserved": "2026-02-25T08:35:07.988Z",
    "dateUpdated": "2026-03-27T13:57:54.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3121 (GCVE-0-2026-3121)

Vulnerability from nvd – Published: 2026-03-26 19:13 – Updated: 2026-04-01 14:14
VLAI?
Title
Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission
Summary
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2026-02-24 11:11
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T13:58:46.558680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T14:55:44.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-02-24T11:11:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T14:14:25.777Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3121"
        },
        {
          "name": "RHBZ#2442277",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442277"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-24T13:06:55.355Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-24T11:11:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3121",
    "datePublished": "2026-03-26T19:13:26.086Z",
    "dateReserved": "2026-02-24T13:09:39.644Z",
    "dateUpdated": "2026-04-01T14:14:25.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4874 (GCVE-0-2026-4874)

Vulnerability from nvd – Published: 2026-03-26 07:12 – Updated: 2026-04-01 14:24
VLAI?
Title
Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation
Summary
A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure.
Severity ?
3.1 (Low)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2026-03-26 05:56
Credits
Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T13:53:59.095067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T13:54:08.137Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue."
        }
      ],
      "datePublic": "2026-03-26T05:56:03.440Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server\u2019s network context, potentially probing internal networks or internal APIs, leading to information disclosure."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T14:24:14.569Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4874"
        },
        {
          "name": "RHBZ#2451611",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451611"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-26T05:51:10.233Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-26T05:56:03.440Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4874",
    "datePublished": "2026-03-26T07:12:37.545Z",
    "dateReserved": "2026-03-26T05:47:45.449Z",
    "dateUpdated": "2026-04-01T14:24:14.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4633 (GCVE-0-2026-4633)

Vulnerability from nvd – Published: 2026-03-23 10:53 – Updated: 2026-04-01 14:38
VLAI?
Title
Keycloak: keycloak: user enumeration via differential error messages
Summary
A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.
Severity ?
3.7 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2025-03-23 05:05
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4633",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T15:07:15.419255Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T15:52:36.681Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-03-23T05:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T14:38:10.321Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4633"
        },
        {
          "name": "RHBZ#2450247",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450247"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-23T08:34:37.879Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-03-23T05:05:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: keycloak: user enumeration via differential error messages",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4633",
    "datePublished": "2026-03-23T10:53:35.655Z",
    "dateReserved": "2026-03-23T08:36:31.514Z",
    "dateUpdated": "2026-04-01T14:38:10.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4628 (GCVE-0-2026-4628)

Vulnerability from nvd – Published: 2026-03-23 08:09 – Updated: 2026-03-25 14:03
VLAI?
Title
Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control
Summary
A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
  • CWE-284 - Improper Access Control
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2026-03-23 00:00
Credits
Red Hat would like to thank Evan Hendra for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4628",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T14:02:51.761138Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:03:04.463Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Evan Hendra for reporting this issue."
        }
      ],
      "datePublic": "2026-03-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak\u2019s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-23T08:09:22.123Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4628"
        },
        {
          "name": "RHBZ#2450240",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450240"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-23T07:44:56.514Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-23T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-284: Improper Access Control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4628",
    "datePublished": "2026-03-23T08:09:22.123Z",
    "dateReserved": "2026-03-23T07:45:26.489Z",
    "dateUpdated": "2026-03-25T14:03:04.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3047 (GCVE-0-2026-3047)

Vulnerability from nvd – Published: 2026-03-05 18:28 – Updated: 2026-03-06 18:13
VLAI?
Title
Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login
Summary
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
https://access.redhat.com/errata/RHSA-2026:3925 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3926 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3947 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3948 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-3047 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2441966 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.14-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2.14     cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.10-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.10     cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
Date Public ?
2026-03-05 11:24
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3047",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T18:13:06.967396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:13:14.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.14-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2.14",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4.10",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-03-05T11:24:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T02:36:29.782Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:3925",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3925"
        },
        {
          "name": "RHSA-2026:3926",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3926"
        },
        {
          "name": "RHSA-2026:3947",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3947"
        },
        {
          "name": "RHSA-2026:3948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3948"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3047"
        },
        {
          "name": "RHBZ#2441966",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-23T17:29:50.192Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-05T11:24:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3047",
    "datePublished": "2026-03-05T18:28:36.337Z",
    "dateReserved": "2026-02-23T17:30:53.926Z",
    "dateUpdated": "2026-03-06T18:13:14.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3009 (GCVE-0-2026-3009)

Vulnerability from nvd – Published: 2026-03-05 18:27 – Updated: 2026-03-24 11:28
VLAI?
Title
Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass)
Summary
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.
Severity ?
8.1 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
https://access.redhat.com/errata/RHSA-2026:3947 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3948 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-3009 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2441867 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.10-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.10     cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
 Create a notification for this product.
Date Public ?
2026-03-05 11:23
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3009",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T18:14:28.750846Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:14:35.038Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4.10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-03-05T11:23:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T11:28:09.999Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:3947",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3947"
        },
        {
          "name": "RHSA-2026:3948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3948"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3009"
        },
        {
          "name": "RHBZ#2441867",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-23T04:55:39.695Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-05T11:23:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-863: Incorrect Authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3009",
    "datePublished": "2026-03-05T18:27:43.294Z",
    "dateReserved": "2026-02-23T05:16:36.841Z",
    "dateUpdated": "2026-03-24T11:28:09.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12150 (GCVE-0-2025-12150)

Vulnerability from nvd – Published: 2026-02-27 08:10 – Updated: 2026-03-06 18:46
VLAI?
Title
Org.keycloak/keycloak-services: webauthn attestation statement verification bypass
Summary
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
Severity ?
3.1 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
Vendor Product Version
Keycloak keycloak Affected: 0 , < 26.4.4 (semver)
Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.11-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2.11     cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.4-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-3 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-3 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.4     cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
Date Public ?
2025-10-28 15:04
Credits
Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T16:45:45.376102Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:46:41.611Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "keycloak",
          "vendor": "Keycloak",
          "versions": [
            {
              "lessThan": "26.4.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.11-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat build of Keycloak 26.2.11",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.4-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat build of Keycloak 26.4.4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue."
        }
      ],
      "datePublic": "2025-10-28T15:04:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak\u2019s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T02:24:50.196Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21370",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21370"
        },
        {
          "name": "RHSA-2025:21371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21371"
        },
        {
          "name": "RHSA-2025:22088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22088"
        },
        {
          "name": "RHSA-2025:22089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22089"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-12150"
        },
        {
          "name": "RHBZ#2406192",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192"
        },
        {
          "url": "https://github.com/keycloak/keycloak/issues/43723"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-24T11:25:25.758Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-10-28T15:04:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: webauthn attestation statement verification bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-12150",
    "datePublished": "2026-02-27T08:10:15.448Z",
    "dateReserved": "2025-10-24T11:44:03.633Z",
    "dateUpdated": "2026-03-06T18:46:41.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0871 (GCVE-0-2026-0871)

Vulnerability from nvd – Published: 2026-02-27 07:30 – Updated: 2026-03-06 18:50
VLAI?
Title
Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators
Summary
A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.
Severity ?
4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
https://access.redhat.com/errata/RHSA-2026:2365 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2366 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-0871 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2428881 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.9-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-11 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-10 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.9     cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
 Create a notification for this product.
Date Public ?
2025-01-13 08:08
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0871",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T16:51:23.992734Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:50:44.774Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.9-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4.9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-01-13T08:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the \"Only administrators can view\" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T07:30:26.766Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:2365",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2365"
        },
        {
          "name": "RHSA-2026:2366",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2366"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-0871"
        },
        {
          "name": "RHBZ#2428881",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428881"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-13T08:32:26.428Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-01-13T08:08:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-0871",
    "datePublished": "2026-02-27T07:30:26.766Z",
    "dateReserved": "2026-01-13T08:41:28.810Z",
    "dateUpdated": "2026-03-06T18:50:44.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7784 (GCVE-0-2025-7784)

Vulnerability from nvd – Published: 2025-07-18 13:48 – Updated: 2025-11-07 21:37
VLAI?
Title
Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)
Summary
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
https://access.redhat.com/errata/RHSA-2025:12015 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12016 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7784 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2381861 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 26.2.6 (semver)
    Red Hat Red Hat build of Keycloak 26     cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.6-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-6 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-6 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
 Create a notification for this product.
Date Public ?
2025-07-18 00:00
Credits
Red Hat would like to thank Patrick Kutz for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T14:46:09.378551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T14:56:11.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "26.2.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat build of Keycloak 26",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.6-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Patrick Kutz for reporting this issue."
        }
      ],
      "datePublic": "2025-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-07T21:37:40.791Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:12015",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12015"
        },
        {
          "name": "RHSA-2025:12016",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12016"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-7784"
        },
        {
          "name": "RHBZ#2381861",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381861"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-18T05:54:39.333Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-18T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-269: Improper Privilege Management"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-7784",
    "datePublished": "2025-07-18T13:48:45.713Z",
    "dateReserved": "2025-07-18T06:05:57.305Z",
    "dateUpdated": "2025-11-07T21:37:40.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-3910 (GCVE-0-2025-3910)

Vulnerability from nvd – Published: 2025-04-29 20:46 – Updated: 2026-01-29 19:37
VLAI?
Title
Org.keycloak.authentication: two factor authentication bypass
Summary
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Affected: 25.0.0 , < 25.* (semver)
Affected: 26.0.0 , < 26.0.11 (semver)
Unknown: 26.1.0 , < 26.1.* (semver)
Affected: 26.2.0 , < 26.2.2 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:26
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0.11-2 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.0::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.0::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-13 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.0::el9
 Create a notification for this product.
Date Public ?
2025-04-29 00:00
Credits
This issue was discovered by Marek Posolda (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3910",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T15:52:31.582697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:53:38.734Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.keycloak.org/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "25.*",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.0.11",
              "status": "affected",
              "version": "26.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.1.*",
              "status": "unknown",
              "version": "26.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.2.2",
              "status": "affected",
              "version": "26.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak.authentication",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0.11-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-13",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Marek Posolda (Red Hat)."
        }
      ],
      "datePublic": "2025-04-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T19:37:51.422Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4335"
        },
        {
          "name": "RHSA-2025:4336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4336"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-3910"
        },
        {
          "name": "RHBZ#2361923",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923"
        },
        {
          "url": "https://github.com/keycloak/keycloak/issues/39349"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-23T19:23:26.537Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-29T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak.authentication: two factor authentication bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "No current mitigations are available for this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-3910",
    "datePublished": "2025-04-29T20:46:39.828Z",
    "dateReserved": "2025-04-23T19:29:10.054Z",
    "dateUpdated": "2026-01-29T19:37:51.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10234 (GCVE-0-2024-10234)

Vulnerability from nvd – Published: 2024-10-22 13:17 – Updated: 2025-11-11 16:05
VLAI?
Title
Wildfly: wildfly vulnerable to cross-site scripting (xss)
Summary
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
https://access.redhat.com/errata/RHSA-2025:10924 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10925 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10926 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10931 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11636 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11638 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11639 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11640 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11645 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2025 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2026 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2029 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-10234 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2320848 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 35.0.0 , < 35.0.0 (semver)
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4.23     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.16.0-21.redhat_00055.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:3.5.10-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 1:1.0.2-5.redhat_00004.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.16.0-21.redhat_00055.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:3.5.10-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 1:1.0.2-5.redhat_00004.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.16.0-21.redhat_00055.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:3.5.10-1.redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 1:1.0.2-5.redhat_00004.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.6.6-5.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.13-2.redhat_5.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.1.214-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.8.0-2.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-3.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.1.0-3.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-4.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.2-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.1-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.1.0-3.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.1.13-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.4.0-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.0-2.redhat_8.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.9.0-2.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.1-2.Final_redhat_3.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.2.21-2.redhat_00001.2.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:6.4.0-3.redhat_00003.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.2.0-3.redhat_12.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.6.6-5.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.13-2.redhat_5.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.1.214-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.8.0-2.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-3.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.1.0-3.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-4.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.2-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.1-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.1.0-3.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.1.13-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.4.0-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.0-2.redhat_8.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.9.0-2.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.1-2.Final_redhat_3.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.2.21-2.redhat_00001.2.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:6.4.0-3.redhat_00003.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.2.0-3.redhat_12.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.19-1.redhat_00002.1.el7sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.19-1.redhat_00002.1.el8sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.19-1.redhat_00002.1.el9sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
 Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-67 , < * (rpm)
    cpe:/a:redhat:rhosemc:1.0::el8
 Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
 Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
 Create a notification for this product.
Date Public ?
2024-10-22 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10234",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T17:41:01.307691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T17:41:14.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/wildfly/wildfly",
          "defaultStatus": "unaffected",
          "packageName": "wildfly",
          "versions": [
            {
              "lessThan": "35.0.0",
              "status": "affected",
              "version": "35.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4.23",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-azure-storage",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.6.6-5.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.6.0-2.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-gnu-getopt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.13-2.redhat_5.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-h2database",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.214-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.23-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-commons-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.6-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jackson-coreutils",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authentication-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authorization-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-4.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.2-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-lang-model",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-security-enterprise-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-javaewah",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.13-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-aesh",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-common-beans",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-dmr",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-ejb3-ext-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-genericjms",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-iiop-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-invocation",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.19-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-msc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-remoting-jmx",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-stdio",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-transaction-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-vfs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.0-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.1-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-2.redhat_8.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-json-patch",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.0-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jul-to-slf4j-stub",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-2.Final_redhat_3.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-reactivex-rxjava2",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.21-2.redhat_00001.2.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-staxmapper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.6-5.GA_redhat_00004.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-4.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-woodstox-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.4.0-3.redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-xml-commons-resolver",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.0-3.redhat_12.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-azure-storage",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.6.6-5.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.6.0-2.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-gnu-getopt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.13-2.redhat_5.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-h2database",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.214-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.23-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-commons-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.6-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jackson-coreutils",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authentication-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authorization-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-4.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.2-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-lang-model",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-security-enterprise-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-javaewah",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.13-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-aesh",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-common-beans",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-dmr",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-ejb3-ext-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-genericjms",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-iiop-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-invocation",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.19-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-msc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-remoting-jmx",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-stdio",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-transaction-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-vfs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.0-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.1-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-2.redhat_8.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-json-patch",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.0-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jul-to-slf4j-stub",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-2.Final_redhat_3.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-reactivex-rxjava2",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.21-2.redhat_00001.2.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-staxmapper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.6-5.GA_redhat_00004.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-4.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-woodstox-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.4.0-3.redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-xml-commons-resolver",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.0-3.redhat_12.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-client",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-67",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T16:05:02.693Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:10924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        },
        {
          "name": "RHSA-2025:10925",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        },
        {
          "name": "RHSA-2025:10926",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        },
        {
          "name": "RHSA-2025:10931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        },
        {
          "name": "RHSA-2025:11636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11636"
        },
        {
          "name": "RHSA-2025:11638",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11638"
        },
        {
          "name": "RHSA-2025:11639",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11639"
        },
        {
          "name": "RHSA-2025:11640",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11640"
        },
        {
          "name": "RHSA-2025:11645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11645"
        },
        {
          "name": "RHSA-2025:2025",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2025"
        },
        {
          "name": "RHSA-2025:2026",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2026"
        },
        {
          "name": "RHSA-2025:2029",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2029"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "name": "RHBZ#2320848",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-22T01:46:48.739Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-22T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Wildfly: wildfly vulnerable to cross-site scripting (xss)",
      "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-10234",
    "datePublished": "2024-10-22T13:17:57.891Z",
    "dateReserved": "2024-10-22T01:50:57.793Z",
    "dateUpdated": "2025-11-11T16:05:02.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8883 (GCVE-0-2024-8883)

Vulnerability from nvd – Published: 2024-09-19 15:48 – Updated: 2026-04-01 13:27
VLAI?
Title
Keycloak: vulnerable redirect uri validation results in open redirec
Summary
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
https://access.redhat.com/errata/RHSA-2024:10385 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10386 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6878 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6879 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6880 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6882 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6886 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6887 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6888 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6889 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6890 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8823 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8824 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8826 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8883 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2312511 issue-trackingx_refsource_REDHAT
https://github.com/keycloak/keycloak/blob/main/se…
Impacted products
Vendor Product Version
Affected: 0 , < 22.0.12 (semver)
Affected: 23.0.0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.5 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:22
 Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.13-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-18 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-21 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.8-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-17 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-17 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.33.0-1.redhat_00015.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.8.0-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.2.0-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.16.1-2.redhat_00007.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.2.2-28.redhat_2.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.15.1-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.14.0-2.redhat_00006.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.5-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-1.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:0.1.0-2.redhat_00010.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.12.284-2.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.2.5-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.1.0-4.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:0.8.1-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.1-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.2-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.22.1-1.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:9.37.3-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:9.6.0-1.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.0-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.4-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.0-6.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.16-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.2.0-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.33.0-1.redhat_00015.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.8.0-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.2.0-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.16.1-2.redhat_00007.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.2.2-28.redhat_2.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.15.1-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.14.0-2.redhat_00006.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.5-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-1.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:0.1.0-2.redhat_00010.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.12.284-2.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.2.5-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.1.0-4.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:0.8.1-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.1-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.2-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.22.1-1.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:9.37.3-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:9.6.0-1.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.0-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.4-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.0-6.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.16-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.2.0-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.18-1.redhat_00001.1.el7sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.18-1.redhat_00001.1.el8sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.18-1.redhat_00001.1.el9sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
 Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-54 , < * (rpm)
    cpe:/a:redhat:rhosemc:1.0::el8
 Create a notification for this product.
Date Public ?
2024-09-19 15:13
Credits
Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8883",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:28:37.383842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:56:50.064Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "versions": [
            {
              "lessThan": "22.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.5",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.13-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-21",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.8-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.1-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-3.GA_redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.33.0-1.redhat_00015.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-readline",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-codec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.16.1-2.redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-collections",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.2-28.redhat_2.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-io",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.1-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-lang",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0-2.redhat_00006.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.5-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-asyncutil",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.0-2.redhat_00010.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aws-java-sdk",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.284-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-cryptacular",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.5-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.0-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-fastinfoset",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-4.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.31-1.Final_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.1-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hppc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.8.1-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-insights-java-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-cert-helper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logging",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jctools",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jgroups",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.10-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-log4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-narayana",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-nimbus-jose-jwt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.37.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-objectweb-asm",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.6.0-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-pem-keystore",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-spring",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-saaj-impl",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-shibboleth-java-support",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-6.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.16-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-snakeyaml",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-2.GA_redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.1-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-3.GA_redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.33.0-1.redhat_00015.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-readline",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-codec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.16.1-2.redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-collections",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.2-28.redhat_2.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-io",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.1-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-lang",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0-2.redhat_00006.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.5-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-asyncutil",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.0-2.redhat_00010.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aws-java-sdk",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.284-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-cryptacular",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.5-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.0-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-fastinfoset",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-4.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.31-1.Final_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.1-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hppc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.8.1-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-insights-java-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-cert-helper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logging",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jctools",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jgroups",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.10-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-log4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-narayana",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-nimbus-jose-jwt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.37.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-objectweb-asm",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.6.0-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-pem-keystore",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-spring",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-saaj-impl",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-shibboleth-java-support",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-6.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.16-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-snakeyaml",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-2.GA_redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-54",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue."
        }
      ],
      "datePublic": "2024-09-19T15:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a \u0027Valid Redirect URI\u0027 is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T13:27:25.248Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10385",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10385"
        },
        {
          "name": "RHSA-2024:10386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10386"
        },
        {
          "name": "RHSA-2024:6878",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6878"
        },
        {
          "name": "RHSA-2024:6879",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6879"
        },
        {
          "name": "RHSA-2024:6880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6880"
        },
        {
          "name": "RHSA-2024:6882",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6882"
        },
        {
          "name": "RHSA-2024:6886",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6886"
        },
        {
          "name": "RHSA-2024:6887",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6887"
        },
        {
          "name": "RHSA-2024:6888",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6888"
        },
        {
          "name": "RHSA-2024:6889",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6889"
        },
        {
          "name": "RHSA-2024:6890",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6890"
        },
        {
          "name": "RHSA-2024:8823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8823"
        },
        {
          "name": "RHSA-2024:8824",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8824"
        },
        {
          "name": "RHSA-2024:8826",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8826"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-8883"
        },
        {
          "name": "RHBZ#2312511",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511"
        },
        {
          "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-16T06:17:01.573Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-19T15:13:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: vulnerable redirect uri validation results in open redirec",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-8883",
    "datePublished": "2024-09-19T15:48:28.468Z",
    "dateReserved": "2024-09-16T06:45:30.550Z",
    "dateUpdated": "2026-04-01T13:27:25.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7341 (GCVE-0-2024-7341)

Vulnerability from nvd – Published: 2024-09-09 18:51 – Updated: 2026-04-01 13:28
VLAI?
Title
Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
Summary
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.
Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 , < 22.0.12 (semver)
Affected: 23.0.0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.5 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:22
 Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.12-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-17 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-20 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.7-4 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
 Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-52 , < * (rpm)
    cpe:/a:redhat:rhosemc:1.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
Date Public ?
2024-09-09 13:48
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7341",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:59:06.075961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:59:16.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak:keycloak-services",
          "versions": [
            {
              "lessThan": "22.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.5",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.12-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-20",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-09-09T13:48:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T13:28:23.282Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6493",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6493"
        },
        {
          "name": "RHSA-2024:6494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6494"
        },
        {
          "name": "RHSA-2024:6495",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6495"
        },
        {
          "name": "RHSA-2024:6497",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6497"
        },
        {
          "name": "RHSA-2024:6499",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6499"
        },
        {
          "name": "RHSA-2024:6500",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6500"
        },
        {
          "name": "RHSA-2024:6501",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6501"
        },
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7341"
        },
        {
          "name": "RHBZ#2302064",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064"
        },
        {
          "url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T15:02:21.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:48:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-384: Session Fixation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7341",
    "datePublished": "2024-09-09T18:51:13.537Z",
    "dateReserved": "2024-07-31T15:13:22.220Z",
    "dateUpdated": "2026-04-01T13:28:23.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7318 (GCVE-0-2024-7318)

Vulnerability from nvd – Published: 2024-09-09 18:50 – Updated: 2026-01-26 15:11
VLAI?
Title
Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity
Summary
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.
Severity ?
4.8 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE
  • CWE-324 - Use of a Key Past its Expiration Date
Assigner
References
https://access.redhat.com/errata/RHSA-2024:6502 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6503 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7318 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2301876 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.4 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.7-4 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
Date Public ?
2024-09-09 13:55
Credits
This issue was discovered by Todd Cullum (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7318",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:08:16.666351Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:08:33.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "versions": [
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.4",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Todd Cullum (Red Hat)."
        }
      ],
      "datePublic": "2024-09-09T13:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\r\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-324",
              "description": "Use of a Key Past its Expiration Date",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-26T15:11:07.763Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7318"
        },
        {
          "name": "RHBZ#2301876",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301876"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T03:04:38.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:55:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-324: Use of a Key Past its Expiration Date"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7318",
    "datePublished": "2024-09-09T18:50:36.583Z",
    "dateReserved": "2024-07-31T03:04:15.355Z",
    "dateUpdated": "2026-01-26T15:11:07.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7260 (GCVE-0-2024-7260)

Vulnerability from nvd – Published: 2024-09-09 18:49 – Updated: 2026-01-23 17:00
VLAI?
Title
Keycloak-core: open redirect on account page
Summary
An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
https://access.redhat.com/errata/RHSA-2024:6502 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6503 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7260 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2301875 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 24.0.7 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.7-4 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
Date Public ?
2024-09-09 13:55
Credits
This issue was discovered by Todd Cullum (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:13:21.486531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:13:53.628Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Todd Cullum (Red Hat)."
        }
      ],
      "datePublic": "2024-09-09T13:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T17:00:35.528Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7260"
        },
        {
          "name": "RHBZ#2301875",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T02:53:42.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:55:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak-core: open redirect on account page",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7260",
    "datePublished": "2024-09-09T18:49:59.437Z",
    "dateReserved": "2024-07-30T02:24:02.197Z",
    "dateUpdated": "2026-01-23T17:00:35.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3121 (GCVE-0-2026-3121)

Vulnerability from cvelistv5 – Published: 2026-03-26 19:13 – Updated: 2026-04-01 14:14
VLAI?
Title
Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission
Summary
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2026-02-24 11:11
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T13:58:46.558680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T14:55:44.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-02-24T11:11:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T14:14:25.777Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3121"
        },
        {
          "name": "RHBZ#2442277",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442277"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-24T13:06:55.355Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-24T11:11:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3121",
    "datePublished": "2026-03-26T19:13:26.086Z",
    "dateReserved": "2026-02-24T13:09:39.644Z",
    "dateUpdated": "2026-04-01T14:14:25.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3190 (GCVE-0-2026-3190)

Vulnerability from cvelistv5 – Published: 2026-03-26 19:12 – Updated: 2026-03-27 13:57
VLAI?
Title
Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api
Summary
A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2026-02-25 07:07
Credits
Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T13:46:23.886094Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T13:57:54.111Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue."
        }
      ],
      "datePublic": "2026-02-25T07:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T19:12:38.438Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3190"
        },
        {
          "name": "RHBZ#2442572",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442572"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-25T08:27:54.804Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-25T07:07:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-280: Improper Handling of Insufficient Permissions or Privileges"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3190",
    "datePublished": "2026-03-26T19:12:38.438Z",
    "dateReserved": "2026-02-25T08:35:07.988Z",
    "dateUpdated": "2026-03-27T13:57:54.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4874 (GCVE-0-2026-4874)

Vulnerability from cvelistv5 – Published: 2026-03-26 07:12 – Updated: 2026-04-01 14:24
VLAI?
Title
Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation
Summary
A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure.
Severity ?
3.1 (Low)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2026-03-26 05:56
Credits
Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T13:53:59.095067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T13:54:08.137Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue."
        }
      ],
      "datePublic": "2026-03-26T05:56:03.440Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server\u2019s network context, potentially probing internal networks or internal APIs, leading to information disclosure."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T14:24:14.569Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4874"
        },
        {
          "name": "RHBZ#2451611",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451611"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-26T05:51:10.233Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-26T05:56:03.440Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4874",
    "datePublished": "2026-03-26T07:12:37.545Z",
    "dateReserved": "2026-03-26T05:47:45.449Z",
    "dateUpdated": "2026-04-01T14:24:14.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4633 (GCVE-0-2026-4633)

Vulnerability from cvelistv5 – Published: 2026-03-23 10:53 – Updated: 2026-04-01 14:38
VLAI?
Title
Keycloak: keycloak: user enumeration via differential error messages
Summary
A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.
Severity ?
3.7 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2025-03-23 05:05
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4633",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T15:07:15.419255Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T15:52:36.681Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-03-23T05:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T14:38:10.321Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4633"
        },
        {
          "name": "RHBZ#2450247",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450247"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-23T08:34:37.879Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-03-23T05:05:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: keycloak: user enumeration via differential error messages",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4633",
    "datePublished": "2026-03-23T10:53:35.655Z",
    "dateReserved": "2026-03-23T08:36:31.514Z",
    "dateUpdated": "2026-04-01T14:38:10.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4628 (GCVE-0-2026-4628)

Vulnerability from cvelistv5 – Published: 2026-03-23 08:09 – Updated: 2026-03-25 14:03
VLAI?
Title
Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control
Summary
A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
  • CWE-284 - Improper Access Control
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
Date Public ?
2026-03-23 00:00
Credits
Red Hat would like to thank Evan Hendra for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4628",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T14:02:51.761138Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:03:04.463Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Evan Hendra for reporting this issue."
        }
      ],
      "datePublic": "2026-03-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak\u2019s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-23T08:09:22.123Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4628"
        },
        {
          "name": "RHBZ#2450240",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450240"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-23T07:44:56.514Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-23T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-284: Improper Access Control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4628",
    "datePublished": "2026-03-23T08:09:22.123Z",
    "dateReserved": "2026-03-23T07:45:26.489Z",
    "dateUpdated": "2026-03-25T14:03:04.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3047 (GCVE-0-2026-3047)

Vulnerability from cvelistv5 – Published: 2026-03-05 18:28 – Updated: 2026-03-06 18:13
VLAI?
Title
Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login
Summary
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
https://access.redhat.com/errata/RHSA-2026:3925 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3926 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3947 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3948 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-3047 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2441966 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.14-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2.14     cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.10-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.10     cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
Date Public ?
2026-03-05 11:24
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3047",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T18:13:06.967396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:13:14.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.14-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2.14",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4.10",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-03-05T11:24:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T02:36:29.782Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:3925",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3925"
        },
        {
          "name": "RHSA-2026:3926",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3926"
        },
        {
          "name": "RHSA-2026:3947",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3947"
        },
        {
          "name": "RHSA-2026:3948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3948"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3047"
        },
        {
          "name": "RHBZ#2441966",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-23T17:29:50.192Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-05T11:24:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3047",
    "datePublished": "2026-03-05T18:28:36.337Z",
    "dateReserved": "2026-02-23T17:30:53.926Z",
    "dateUpdated": "2026-03-06T18:13:14.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3009 (GCVE-0-2026-3009)

Vulnerability from cvelistv5 – Published: 2026-03-05 18:27 – Updated: 2026-03-24 11:28
VLAI?
Title
Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass)
Summary
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.
Severity ?
8.1 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-863 - Incorrect Authorization
Assigner
References
https://access.redhat.com/errata/RHSA-2026:3947 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3948 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-3009 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2441867 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.10-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.10     cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
 Create a notification for this product.
Date Public ?
2026-03-05 11:23
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3009",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T18:14:28.750846Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:14:35.038Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4.10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-03-05T11:23:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T11:28:09.999Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:3947",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3947"
        },
        {
          "name": "RHSA-2026:3948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3948"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-3009"
        },
        {
          "name": "RHBZ#2441867",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-23T04:55:39.695Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-05T11:23:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-863: Incorrect Authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-3009",
    "datePublished": "2026-03-05T18:27:43.294Z",
    "dateReserved": "2026-02-23T05:16:36.841Z",
    "dateUpdated": "2026-03-24T11:28:09.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-12150 (GCVE-0-2025-12150)

Vulnerability from cvelistv5 – Published: 2026-02-27 08:10 – Updated: 2026-03-06 18:46
VLAI?
Title
Org.keycloak/keycloak-services: webauthn attestation statement verification bypass
Summary
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
Severity ?
3.1 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
Vendor Product Version
Keycloak keycloak Affected: 0 , < 26.4.4 (semver)
Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.11-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2.11     cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.4-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-3 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-3 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.4     cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
Date Public ?
2025-10-28 15:04
Credits
Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-12150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T16:45:45.376102Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:46:41.611Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "keycloak",
          "vendor": "Keycloak",
          "versions": [
            {
              "lessThan": "26.4.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.11-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat build of Keycloak 26.2.11",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.4-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat build of Keycloak 26.4.4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue."
        }
      ],
      "datePublic": "2025-10-28T15:04:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak\u2019s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T02:24:50.196Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21370",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21370"
        },
        {
          "name": "RHSA-2025:21371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21371"
        },
        {
          "name": "RHSA-2025:22088",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22088"
        },
        {
          "name": "RHSA-2025:22089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22089"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-12150"
        },
        {
          "name": "RHBZ#2406192",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192"
        },
        {
          "url": "https://github.com/keycloak/keycloak/issues/43723"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-24T11:25:25.758Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-10-28T15:04:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: webauthn attestation statement verification bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-12150",
    "datePublished": "2026-02-27T08:10:15.448Z",
    "dateReserved": "2025-10-24T11:44:03.633Z",
    "dateUpdated": "2026-03-06T18:46:41.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0871 (GCVE-0-2026-0871)

Vulnerability from cvelistv5 – Published: 2026-02-27 07:30 – Updated: 2026-03-06 18:50
VLAI?
Title
Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators
Summary
A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.
Severity ?
4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
https://access.redhat.com/errata/RHSA-2026:2365 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:2366 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-0871 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2428881 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.9-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-11 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-10 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.4.9     cpe:/a:redhat:build_keycloak:26.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
 Create a notification for this product.
Date Public ?
2025-01-13 08:08
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0871",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T16:51:23.992734Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:50:44.774Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.9-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-11",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4.9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-01-13T08:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the \"Only administrators can view\" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-27T07:30:26.766Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:2365",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2365"
        },
        {
          "name": "RHSA-2026:2366",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:2366"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-0871"
        },
        {
          "name": "RHBZ#2428881",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428881"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-13T08:32:26.428Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-01-13T08:08:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-266: Incorrect Privilege Assignment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-0871",
    "datePublished": "2026-02-27T07:30:26.766Z",
    "dateReserved": "2026-01-13T08:41:28.810Z",
    "dateUpdated": "2026-03-06T18:50:44.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7784 (GCVE-0-2025-7784)

Vulnerability from cvelistv5 – Published: 2025-07-18 13:48 – Updated: 2025-11-07 21:37
VLAI?
Title
Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)
Summary
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
https://access.redhat.com/errata/RHSA-2025:12015 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12016 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-7784 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2381861 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 26.2.6 (semver)
    Red Hat Red Hat build of Keycloak 26     cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.6-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-6 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-6 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
 Create a notification for this product.
Date Public ?
2025-07-18 00:00
Credits
Red Hat would like to thank Patrick Kutz for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T14:46:09.378551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T14:56:11.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "26.2.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat build of Keycloak 26",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.6-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Patrick Kutz for reporting this issue."
        }
      ],
      "datePublic": "2025-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-07T21:37:40.791Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:12015",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12015"
        },
        {
          "name": "RHSA-2025:12016",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12016"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-7784"
        },
        {
          "name": "RHBZ#2381861",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381861"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-18T05:54:39.333Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-18T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-269: Improper Privilege Management"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-7784",
    "datePublished": "2025-07-18T13:48:45.713Z",
    "dateReserved": "2025-07-18T06:05:57.305Z",
    "dateUpdated": "2025-11-07T21:37:40.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-3910 (GCVE-0-2025-3910)

Vulnerability from cvelistv5 – Published: 2025-04-29 20:46 – Updated: 2026-01-29 19:37
VLAI?
Title
Org.keycloak.authentication: two factor authentication bypass
Summary
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Affected: 25.0.0 , < 25.* (semver)
Affected: 26.0.0 , < 26.0.11 (semver)
Unknown: 26.1.0 , < 26.1.* (semver)
Affected: 26.2.0 , < 26.2.2 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:26
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0.11-2 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.0::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-12 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.0::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 26.0 Unaffected: 26.0-13 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.0::el9
 Create a notification for this product.
Date Public ?
2025-04-29 00:00
Credits
This issue was discovered by Marek Posolda (Red Hat).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3910",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T15:52:31.582697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:53:38.734Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.keycloak.org/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "25.*",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.0.11",
              "status": "affected",
              "version": "26.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.1.*",
              "status": "unknown",
              "version": "26.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.2.2",
              "status": "affected",
              "version": "26.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak.authentication",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0.11-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-13",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Marek Posolda (Red Hat)."
        }
      ],
      "datePublic": "2025-04-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T19:37:51.422Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4335"
        },
        {
          "name": "RHSA-2025:4336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4336"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-3910"
        },
        {
          "name": "RHBZ#2361923",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923"
        },
        {
          "url": "https://github.com/keycloak/keycloak/issues/39349"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-23T19:23:26.537Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-29T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak.authentication: two factor authentication bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "No current mitigations are available for this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-3910",
    "datePublished": "2025-04-29T20:46:39.828Z",
    "dateReserved": "2025-04-23T19:29:10.054Z",
    "dateUpdated": "2026-01-29T19:37:51.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10234 (GCVE-0-2024-10234)

Vulnerability from cvelistv5 – Published: 2024-10-22 13:17 – Updated: 2025-11-11 16:05
VLAI?
Title
Wildfly: wildfly vulnerable to cross-site scripting (xss)
Summary
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
https://access.redhat.com/errata/RHSA-2025:10924 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10925 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10926 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:10931 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11636 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11638 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11639 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11640 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:11645 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2025 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2026 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:2029 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-10234 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2320848 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 35.0.0 , < 35.0.0 (semver)
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4.23     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.16.0-21.redhat_00055.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:3.5.10-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 1:1.0.2-5.redhat_00004.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.16.0-21.redhat_00055.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:3.5.10-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 1:1.0.2-5.redhat_00004.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.16.0-21.redhat_00055.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:3.5.10-1.redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 1:1.0.2-5.redhat_00004.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el7eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.6.6-5.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.13-2.redhat_5.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.1.214-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.8.0-2.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-3.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.1.0-3.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-4.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.2-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.1-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.1.0-3.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.1.13-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.4.0-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.0-2.redhat_8.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.9.0-2.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.0.1-2.Final_redhat_3.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.2.21-2.redhat_00001.2.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:6.4.0-3.redhat_00003.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.2.0-3.redhat_12.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.6.6-5.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.13-2.redhat_5.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.1.214-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.8.0-2.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-3.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.1.0-3.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-4.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.2-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.1-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.1.0-3.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.1.13-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.4.0-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.0-2.redhat_8.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.9.0-2.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.0.1-2.Final_redhat_3.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.2.21-2.redhat_00001.2.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:6.4.0-3.redhat_00003.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.2.0-3.redhat_12.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.19-1.redhat_00002.1.el7sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.19-1.redhat_00002.1.el8sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.19-1.redhat_00002.1.el9sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
 Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-67 , < * (rpm)
    cpe:/a:redhat:rhosemc:1.0::el8
 Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
 Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
 Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
 Create a notification for this product.
Date Public ?
2024-10-22 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10234",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T17:41:01.307691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T17:41:14.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/wildfly/wildfly",
          "defaultStatus": "unaffected",
          "packageName": "wildfly",
          "versions": [
            {
              "lessThan": "35.0.0",
              "status": "affected",
              "version": "35.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4.23",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-azure-storage",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.6.6-5.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.6.0-2.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-gnu-getopt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.13-2.redhat_5.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-h2database",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.214-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.23-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-commons-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.6-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jackson-coreutils",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authentication-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authorization-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-4.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.2-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-lang-model",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-security-enterprise-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-javaewah",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.13-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-aesh",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-common-beans",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-dmr",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-ejb3-ext-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-genericjms",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-iiop-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-invocation",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.19-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-msc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-remoting-jmx",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-stdio",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-transaction-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-vfs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.0-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.1-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-2.redhat_8.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-json-patch",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.0-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jul-to-slf4j-stub",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-2.Final_redhat_3.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-reactivex-rxjava2",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.21-2.redhat_00001.2.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-staxmapper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.6-5.GA_redhat_00004.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-4.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-woodstox-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.4.0-3.redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-xml-commons-resolver",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.0-3.redhat_12.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-azure-storage",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.6.6-5.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.6.0-2.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-gnu-getopt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.13-2.redhat_5.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-h2database",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.214-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.23-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-commons-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.6-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jackson-coreutils",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authentication-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authorization-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-4.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.2-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-lang-model",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-security-enterprise-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-javaewah",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.13-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-aesh",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-common-beans",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-dmr",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-ejb3-ext-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-genericjms",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-iiop-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-invocation",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.19-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-msc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-remoting-jmx",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-stdio",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-transaction-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-vfs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.0-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.1-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-2.redhat_8.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-json-patch",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.0-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jul-to-slf4j-stub",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-2.Final_redhat_3.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-reactivex-rxjava2",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.21-2.redhat_00001.2.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-staxmapper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.6-5.GA_redhat_00004.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-4.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-woodstox-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.4.0-3.redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-xml-commons-resolver",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.0-3.redhat_12.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-client",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-67",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T16:05:02.693Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:10924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        },
        {
          "name": "RHSA-2025:10925",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        },
        {
          "name": "RHSA-2025:10926",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        },
        {
          "name": "RHSA-2025:10931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        },
        {
          "name": "RHSA-2025:11636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11636"
        },
        {
          "name": "RHSA-2025:11638",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11638"
        },
        {
          "name": "RHSA-2025:11639",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11639"
        },
        {
          "name": "RHSA-2025:11640",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11640"
        },
        {
          "name": "RHSA-2025:11645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11645"
        },
        {
          "name": "RHSA-2025:2025",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2025"
        },
        {
          "name": "RHSA-2025:2026",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2026"
        },
        {
          "name": "RHSA-2025:2029",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2029"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "name": "RHBZ#2320848",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-22T01:46:48.739Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-22T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Wildfly: wildfly vulnerable to cross-site scripting (xss)",
      "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-10234",
    "datePublished": "2024-10-22T13:17:57.891Z",
    "dateReserved": "2024-10-22T01:50:57.793Z",
    "dateUpdated": "2025-11-11T16:05:02.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8883 (GCVE-0-2024-8883)

Vulnerability from cvelistv5 – Published: 2024-09-19 15:48 – Updated: 2026-04-01 13:27
VLAI?
Title
Keycloak: vulnerable redirect uri validation results in open redirec
Summary
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
https://access.redhat.com/errata/RHSA-2024:10385 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:10386 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6878 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6879 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6880 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6882 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6886 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6887 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6888 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6889 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:6890 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8823 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8824 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:8826 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8883 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2312511 issue-trackingx_refsource_REDHAT
https://github.com/keycloak/keycloak/blob/main/se…
Impacted products
Vendor Product Version
Affected: 0 , < 22.0.12 (semver)
Affected: 23.0.0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.5 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:22
 Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.13-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-18 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-21 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.8-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-17 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-17 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8.0
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.33.0-1.redhat_00015.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.8.0-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.2.0-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.16.1-2.redhat_00007.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.2.2-28.redhat_2.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.15.1-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.14.0-2.redhat_00006.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.5-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-1.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:0.1.0-2.redhat_00010.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.12.284-2.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.2.5-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.1.0-4.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:0.8.1-2.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.1-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:4.0.2-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.22.1-1.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:9.37.3-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:9.6.0-1.redhat_00002.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.3.0-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:3.0.4-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.0-6.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.0.16-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:2.2.0-1.redhat_00001.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el8eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.33.0-1.redhat_00015.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.8.0-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.2.0-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.16.1-2.redhat_00007.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.2.2-28.redhat_2.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.15.1-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.14.0-2.redhat_00006.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.5-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-1.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:0.1.0-2.redhat_00010.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.12.284-2.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.2.5-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.1.0-4.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:0.8.1-2.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.1-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:4.0.2-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.22.1-1.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:9.37.3-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:9.6.0-1.redhat_00002.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.3.0-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:3.0.4-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.0-6.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.0.16-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:2.2.0-1.redhat_00001.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el9eap , < * (rpm)
    cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.18-1.redhat_00001.1.el7sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.18-1.redhat_00001.1.el8sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.18-1.redhat_00001.1.el9sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
 Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-54 , < * (rpm)
    cpe:/a:redhat:rhosemc:1.0::el8
 Create a notification for this product.
Date Public ?
2024-09-19 15:13
Credits
Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8883",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:28:37.383842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:56:50.064Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "versions": [
            {
              "lessThan": "22.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.5",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.13-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-21",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.8-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.1-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-3.GA_redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.33.0-1.redhat_00015.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-readline",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-codec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.16.1-2.redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-collections",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.2-28.redhat_2.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-io",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.1-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-lang",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0-2.redhat_00006.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.5-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-asyncutil",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.0-2.redhat_00010.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aws-java-sdk",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.284-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-cryptacular",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.5-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.0-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-fastinfoset",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-4.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.31-1.Final_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.1-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hppc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.8.1-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-insights-java-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-cert-helper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logging",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jctools",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jgroups",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.10-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-log4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-narayana",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-nimbus-jose-jwt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.37.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-objectweb-asm",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.6.0-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-pem-keystore",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-spring",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-saaj-impl",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-shibboleth-java-support",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-6.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.16-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-snakeyaml",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-2.GA_redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.1-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-3.GA_redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.33.0-1.redhat_00015.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-readline",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-codec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.16.1-2.redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-collections",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.2-28.redhat_2.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-io",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.1-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-lang",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0-2.redhat_00006.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.5-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-asyncutil",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.0-2.redhat_00010.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aws-java-sdk",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.284-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-cryptacular",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.5-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.0-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-fastinfoset",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-4.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.31-1.Final_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.1-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hppc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.8.1-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-insights-java-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-cert-helper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logging",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jctools",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jgroups",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.10-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-log4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-narayana",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-nimbus-jose-jwt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.37.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-objectweb-asm",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.6.0-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-pem-keystore",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-spring",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-saaj-impl",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-shibboleth-java-support",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-6.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.16-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-snakeyaml",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-2.GA_redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-54",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue."
        }
      ],
      "datePublic": "2024-09-19T15:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a \u0027Valid Redirect URI\u0027 is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T13:27:25.248Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10385",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10385"
        },
        {
          "name": "RHSA-2024:10386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10386"
        },
        {
          "name": "RHSA-2024:6878",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6878"
        },
        {
          "name": "RHSA-2024:6879",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6879"
        },
        {
          "name": "RHSA-2024:6880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6880"
        },
        {
          "name": "RHSA-2024:6882",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6882"
        },
        {
          "name": "RHSA-2024:6886",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6886"
        },
        {
          "name": "RHSA-2024:6887",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6887"
        },
        {
          "name": "RHSA-2024:6888",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6888"
        },
        {
          "name": "RHSA-2024:6889",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6889"
        },
        {
          "name": "RHSA-2024:6890",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6890"
        },
        {
          "name": "RHSA-2024:8823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8823"
        },
        {
          "name": "RHSA-2024:8824",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8824"
        },
        {
          "name": "RHSA-2024:8826",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8826"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-8883"
        },
        {
          "name": "RHBZ#2312511",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511"
        },
        {
          "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-16T06:17:01.573Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-19T15:13:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: vulnerable redirect uri validation results in open redirec",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-8883",
    "datePublished": "2024-09-19T15:48:28.468Z",
    "dateReserved": "2024-09-16T06:45:30.550Z",
    "dateUpdated": "2026-04-01T13:27:25.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7341 (GCVE-0-2024-7341)

Vulnerability from cvelistv5 – Published: 2024-09-09 18:51 – Updated: 2026-04-01 13:28
VLAI?
Title
Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters
Summary
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.
Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 , < 22.0.12 (semver)
Affected: 23.0.0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.5 (semver)
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:22
 Create a notification for this product.
    Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:24
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22.0.12-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-17 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 22 Unaffected: 22-20 , < * (rpm)
    cpe:/a:redhat:build_keycloak:22::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24.0.7-4 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat build of Keycloak 24 Unaffected: 24-16 , < * (rpm)
    cpe:/a:redhat:build_keycloak:24::el9
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
 Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm)
    cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
 Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-52 , < * (rpm)
    cpe:/a:redhat:rhosemc:1.0::el8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
 Create a notification for this product.
Date Public ?
2024-09-09 13:48
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7341",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:59:06.075961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:59:16.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak:keycloak-services",
          "versions": [
            {
              "lessThan": "22.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.5",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.12-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-20",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-09-09T13:48:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T13:28:23.282Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6493",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6493"
        },
        {
          "name": "RHSA-2024:6494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6494"
        },
        {
          "name": "RHSA-2024:6495",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6495"
        },
        {
          "name": "RHSA-2024:6497",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6497"
        },
        {
          "name": "RHSA-2024:6499",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6499"
        },
        {
          "name": "RHSA-2024:6500",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6500"
        },
        {
          "name": "RHSA-2024:6501",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6501"
        },
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7341"
        },
        {
          "name": "RHBZ#2302064",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064"
        },
        {
          "url": "https://github.com/advisories/GHSA-j76j-rqwj-jmvv"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T15:02:21.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:48:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-384: Session Fixation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7341",
    "datePublished": "2024-09-09T18:51:13.537Z",
    "dateReserved": "2024-07-31T15:13:22.220Z",
    "dateUpdated": "2026-04-01T13:28:23.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}